From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Cyrus-Session-Id: sloti33d1t02-1703727-1528121052-2-15184898297807857944 X-Sieve: CMU Sieve 3.0 X-Spam-known-sender: no ("Email failed DMARC policy for domain") X-Spam-charsets: plain='UTF-8' X-IgnoreVacation: yes ("Email failed DMARC policy for domain") X-Resolved-to: linux@kroah.com X-Delivered-to: linux@kroah.com X-Mail-from: linux-security-module-owner@vger.kernel.org ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm2; t= 1528121052; b=jeBueFSl3eFNOtRpviIUIDlVIus69a9XwL9EdVB9wt2u9ftOOR uMF7RB8EczftgCYNAGrdgF32EE0H4UmgaUyYFAuBW6UwWJE3VNM8IlNp88+XMl8H AHWz/3MagCdXUuDpMchFHGn67DLvsBfuwsvI+z6YksXMjYPRm/JYrEevpzgRTtbs UlhazL0TqULYC/ClTZ8biNbR3+OmXJcgnHlgJ5gOEM98aWr9ILpyLKPI+GpPWnze EUdddb9jKmvSBkLKqqmJThsRIKnIpitEJUTKVZgux0PDFXk1+cN4SGaxS84PiEeT DHY+xMR6u+fY3RdEb+7YrBbwd9KcZXgoJSgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=subject:from:to:cc:date:in-reply-to :references:content-type:mime-version:content-transfer-encoding :message-id:sender:list-id; s=fm2; t=1528121052; bh=euMQP95/rcac UafrdNqQ5K4IY4BiMzzXAbVpMLuSzJs=; b=JhgRVttUKkhCjowdk73SOOlBWK1Q LZGIbiJnbTwi+ToKQ/EpbUfRwJC8Aojdmy4UgRazwAxSjX009kcon6YRPCeMXFYv uAv/pRP2X915Q3oDiT6Qnv1c9zC8bCRfnpRH/hiBj5flyahYQs3aR5CUCTPxcGij W6XKIO4ICQaNf/qT4ObIlak2SMY4CE7HPq60632fPalze+TCbiEg9uC7qp739Ad5 VlUB2wj+VUzbZeo1tS3kDff9MNSiM8MN+Gx35QuSpW1C8XvSIe9hTISh7IAfBHia Yd1QbIeGojjmcrhIjwySPWoUhAKcIt1NNq+mh4wAGC30gLQjxMY4KHUwWw== ARC-Authentication-Results: i=1; mx1.messagingengine.com; arc=none (no signatures found); dkim=none (no signatures found); dmarc=fail (p=none,has-list-id=yes,d=none) header.from=linux.vnet.ibm.com; iprev=pass policy.iprev=209.132.180.67 (vger.kernel.org); spf=none smtp.mailfrom=linux-security-module-owner@vger.kernel.org smtp.helo=vger.kernel.org; x-aligned-from=fail; x-cm=none score=0; x-ptr=pass smtp.helo=vger.kernel.org policy.ptr=vger.kernel.org; x-return-mx=pass smtp.domain=vger.kernel.org smtp.result=pass smtp_org.domain=kernel.org smtp_org.result=pass smtp_is_org_domain=no header.domain=linux.vnet.ibm.com header.result=pass header_org.domain=ibm.com header_org.result=pass header_is_org_domain=no; x-vs=clean score=-100 state=0 Authentication-Results: mx1.messagingengine.com; arc=none (no signatures found); dkim=none (no signatures found); dmarc=fail (p=none,has-list-id=yes,d=none) header.from=linux.vnet.ibm.com; iprev=pass policy.iprev=209.132.180.67 (vger.kernel.org); spf=none smtp.mailfrom=linux-security-module-owner@vger.kernel.org smtp.helo=vger.kernel.org; x-aligned-from=fail; x-cm=none score=0; x-ptr=pass smtp.helo=vger.kernel.org policy.ptr=vger.kernel.org; x-return-mx=pass smtp.domain=vger.kernel.org smtp.result=pass smtp_org.domain=kernel.org smtp_org.result=pass smtp_is_org_domain=no header.domain=linux.vnet.ibm.com header.result=pass header_org.domain=ibm.com header_org.result=pass header_is_org_domain=no; x-vs=clean score=-100 state=0 X-ME-VSCategory: clean X-CM-Envelope: MS4wfKsbYCmxbRvbnnZB/JlHICBF/SD1PqdQVEkFQsy5+Vkc4skF4KmSh+SFXx9L6WqX6Ew26TBcn96HyJTzB67i49PCrP6gnbvfuKIDLOcVWKO6R0c5YAVU ahavLFap1HLeoz89H5MWb+wjkBa2EUtvyOhcYdKnATn3wW1PfbSoRyW2h3BfB0cGQTAoopTIPnGInGndgWCwom+ku7MuZ4yutvyO8BenOsRES84+V8nHNoIC kvaE/DcXY1ppsnUMPyxGjQ== X-CM-Analysis: v=2.3 cv=WaUilXpX c=1 sm=1 tr=0 a=UK1r566ZdBxH71SXbqIOeA==:117 a=UK1r566ZdBxH71SXbqIOeA==:17 a=IkcTkHD0fZMA:10 a=7mUfYlMuFuIA:10 a=VwQbUJbxAAAA:8 a=18aXAE-iQdpnPZATxN0A:9 a=QEXdDO2ut3YA:10 a=x8gzFH9gYPwA:10 a=AjGcO6oz07-iQ99wixmX:22 X-ME-CMScore: 0 X-ME-CMCategory: none Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752062AbeFDOEJ (ORCPT ); Mon, 4 Jun 2018 10:04:09 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:33273 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751933AbeFDOEI (ORCPT ); Mon, 4 Jun 2018 10:04:08 -0400 Subject: Re: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures From: Mimi Zohar To: Casey Schaufler , James Morris , Kees Cook , Paul Moore , "Serge E. Hallyn" Cc: linux-integrity , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , "Luis R . Rodriguez" , Eric Biederman , kexec@lists.infradead.org, Andres Rodriguez , Greg Kroah-Hartman , Ard Biesheuvel , Jessica Yu Date: Mon, 04 Jun 2018 10:03:45 -0400 In-Reply-To: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> References: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 18060414-0028-0000-0000-000002CC87E8 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18060414-0029-0000-0000-000023830E2C Message-Id: <1528121025.3237.116.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-06-04_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806040166 Sender: owner-linux-security-module@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-Mailing-List: linux-kernel@vger.kernel.org List-ID: On Tue, 2018-05-29 at 14:01 -0400, Mimi Zohar wrote: > Instead of adding the security_kernel_read_file LSM hook - or defining a > wrapper for security_kernel_read_file LSM hook and adding it, or > renaming the existing hook to security_kernel_read_data() and adding it > - in places where the kernel isn't reading a file, this version of the > patch set defines a new LSM hook named security_kernel_load_data(). > > The new LSM hook does not replace the existing security_kernel_read_file > LSM hook, which is still needed, but defines a new LSM hook allowing > LSMs and IMA-appraisal the opportunity to fail loading userspace > provided file/data. > > The only difference between the two LSM hooks is the LSM hook name and a > file descriptor. Whether this is cause enough for requiring a new LSM > hook, is left to the security community. Paul does not have a preference as to adding a new LSM hook or calling the existing hook.  Either way is fine, as long as both the new and existing hooks call the existing function. Casey didn't like the idea of a wrapper. James suggested renaming the LSM hook. The maintainers for the callers of the LSM hook prefer a meaningful LSM hook name.  The "null" argument is not as much of a concern.  Only Eric seems to be asking for a separate, new LSM hook, without the "null" argument. Unless someone really objects, to accommodate Eric we'll define a new LSM hook named security_kernel_load_data.  Eric, are you planning on Ack'ing patches 1 & 2? Mimi From mboxrd@z Thu Jan 1 00:00:00 1970 From: zohar@linux.vnet.ibm.com (Mimi Zohar) Date: Mon, 04 Jun 2018 10:03:45 -0400 Subject: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures In-Reply-To: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> References: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> Message-ID: <1528121025.3237.116.camel@linux.vnet.ibm.com> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Tue, 2018-05-29 at 14:01 -0400, Mimi Zohar wrote: > Instead of adding the security_kernel_read_file LSM hook - or defining a > wrapper for security_kernel_read_file LSM hook and adding it, or > renaming the existing hook to security_kernel_read_data() and adding it > - in places where the kernel isn't reading a file, this version of the > patch set defines a new LSM hook named security_kernel_load_data(). > > The new LSM hook does not replace the existing security_kernel_read_file > LSM hook, which is still needed, but defines a new LSM hook allowing > LSMs and IMA-appraisal the opportunity to fail loading userspace > provided file/data. > > The only difference between the two LSM hooks is the LSM hook name and a > file descriptor. Whether this is cause enough for requiring a new LSM > hook, is left to the security community. Paul does not have a preference as to adding a new LSM hook or calling the existing hook. ?Either way is fine, as long as both the new and existing hooks call the existing function. Casey didn't like the idea of a wrapper. James suggested renaming the LSM hook. The maintainers for the callers of the LSM hook prefer a meaningful LSM hook name. ?The "null" argument is not as much of a concern. ?Only Eric seems to be asking for a separate, new LSM hook, without the "null" argument. Unless someone really objects, to accommodate Eric we'll define a new LSM hook named security_kernel_load_data. ?Eric, are you planning on Ack'ing patches 1 & 2? Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:58088 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751473AbeFDOEI (ORCPT ); Mon, 4 Jun 2018 10:04:08 -0400 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w54DxxDu105793 for ; Mon, 4 Jun 2018 10:04:07 -0400 Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103]) by mx0a-001b2d01.pphosted.com with ESMTP id 2jd5ux3ua2-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 04 Jun 2018 10:04:06 -0400 Received: from localhost by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 4 Jun 2018 15:04:04 +0100 Subject: Re: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures From: Mimi Zohar To: Casey Schaufler , James Morris , Kees Cook , Paul Moore , "Serge E. Hallyn" Cc: linux-integrity , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , "Luis R . Rodriguez" , Eric Biederman , kexec@lists.infradead.org, Andres Rodriguez , Greg Kroah-Hartman , Ard Biesheuvel , Jessica Yu Date: Mon, 04 Jun 2018 10:03:45 -0400 In-Reply-To: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> References: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Message-Id: <1528121025.3237.116.camel@linux.vnet.ibm.com> Sender: linux-integrity-owner@vger.kernel.org List-ID: On Tue, 2018-05-29 at 14:01 -0400, Mimi Zohar wrote: > Instead of adding the security_kernel_read_file LSM hook - or defining a > wrapper for security_kernel_read_file LSM hook and adding it, or > renaming the existing hook to security_kernel_read_data() and adding it > - in places where the kernel isn't reading a file, this version of the > patch set defines a new LSM hook named security_kernel_load_data(). > > The new LSM hook does not replace the existing security_kernel_read_file > LSM hook, which is still needed, but defines a new LSM hook allowing > LSMs and IMA-appraisal the opportunity to fail loading userspace > provided file/data. > > The only difference between the two LSM hooks is the LSM hook name and a > file descriptor. Whether this is cause enough for requiring a new LSM > hook, is left to the security community. Paul does not have a preference as to adding a new LSM hook or calling the existing hook. Either way is fine, as long as both the new and existing hooks call the existing function. Casey didn't like the idea of a wrapper. James suggested renaming the LSM hook. The maintainers for the callers of the LSM hook prefer a meaningful LSM hook name. The "null" argument is not as much of a concern. Only Eric seems to be asking for a separate, new LSM hook, without the "null" argument. Unless someone really objects, to accommodate Eric we'll define a new LSM hook named security_kernel_load_data. Eric, are you planning on Ack'ing patches 1 & 2? Mimi From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fPq5u-0000iD-2y for kexec@lists.infradead.org; Mon, 04 Jun 2018 14:04:29 +0000 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w54DxnJR080217 for ; Mon, 4 Jun 2018 10:04:08 -0400 Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103]) by mx0a-001b2d01.pphosted.com with ESMTP id 2jd59wwjgx-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 04 Jun 2018 10:04:07 -0400 Received: from localhost by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 4 Jun 2018 15:04:04 +0100 Subject: Re: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures From: Mimi Zohar Date: Mon, 04 Jun 2018 10:03:45 -0400 In-Reply-To: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> References: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com> Mime-Version: 1.0 Message-Id: <1528121025.3237.116.camel@linux.vnet.ibm.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: Casey Schaufler , James Morris , Kees Cook , Paul Moore , "Serge E. Hallyn" Cc: Ard Biesheuvel , Greg Kroah-Hartman , kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells , "Luis R . Rodriguez" , Eric Biederman , Jessica Yu , linux-integrity , Andres Rodriguez T24gVHVlLCAyMDE4LTA1LTI5IGF0IDE0OjAxIC0wNDAwLCBNaW1pIFpvaGFyIHdyb3RlOgo+IElu c3RlYWQgb2YgYWRkaW5nIHRoZSBzZWN1cml0eV9rZXJuZWxfcmVhZF9maWxlIExTTSBob29rIC0g b3IgZGVmaW5pbmcgYQo+IHdyYXBwZXIgZm9yIHNlY3VyaXR5X2tlcm5lbF9yZWFkX2ZpbGUgTFNN IGhvb2sgYW5kIGFkZGluZyBpdCwgb3IKPiByZW5hbWluZyB0aGUgZXhpc3RpbmcgaG9vayB0byBz ZWN1cml0eV9rZXJuZWxfcmVhZF9kYXRhKCkgYW5kIGFkZGluZyBpdAo+IC0gaW4gcGxhY2VzIHdo ZXJlIHRoZSBrZXJuZWwgaXNuJ3QgcmVhZGluZyBhIGZpbGUsIHRoaXMgdmVyc2lvbiBvZiB0aGUK PiBwYXRjaCBzZXQgZGVmaW5lcyBhIG5ldyBMU00gaG9vayBuYW1lZCBzZWN1cml0eV9rZXJuZWxf bG9hZF9kYXRhKCkuCj4gCj4gVGhlIG5ldyBMU00gaG9vayBkb2VzIG5vdCByZXBsYWNlIHRoZSBl eGlzdGluZyBzZWN1cml0eV9rZXJuZWxfcmVhZF9maWxlCj4gTFNNIGhvb2ssIHdoaWNoIGlzIHN0 aWxsIG5lZWRlZCwgYnV0IGRlZmluZXMgYSBuZXcgTFNNIGhvb2sgYWxsb3dpbmcKPiBMU01zIGFu ZCBJTUEtYXBwcmFpc2FsIHRoZSBvcHBvcnR1bml0eSB0byBmYWlsIGxvYWRpbmcgdXNlcnNwYWNl Cj4gcHJvdmlkZWQgZmlsZS9kYXRhLgo+IAo+IFRoZSBvbmx5IGRpZmZlcmVuY2UgYmV0d2VlbiB0 aGUgdHdvIExTTSBob29rcyBpcyB0aGUgTFNNIGhvb2sgbmFtZSBhbmQgYQo+IGZpbGUgZGVzY3Jp cHRvci4gIFdoZXRoZXIgdGhpcyBpcyBjYXVzZSBlbm91Z2ggZm9yIHJlcXVpcmluZyBhIG5ldyBM U00KPiBob29rLCBpcyBsZWZ0IHRvIHRoZSBzZWN1cml0eSBjb21tdW5pdHkuCgpQYXVsIGRvZXMg bm90IGhhdmUgYSBwcmVmZXJlbmNlIGFzIHRvIGFkZGluZyBhIG5ldyBMU00gaG9vayBvciBjYWxs aW5nCnRoZSBleGlzdGluZyBob29rLiDCoEVpdGhlciB3YXkgaXMgZmluZSwgYXMgbG9uZyBhcyBi b3RoIHRoZSBuZXcgYW5kCmV4aXN0aW5nIGhvb2tzIGNhbGwgdGhlIGV4aXN0aW5nIGZ1bmN0aW9u LgoKQ2FzZXkgZGlkbid0IGxpa2UgdGhlIGlkZWEgb2YgYSB3cmFwcGVyLgpKYW1lcyBzdWdnZXN0 ZWQgcmVuYW1pbmcgdGhlIExTTSBob29rLgoKVGhlIG1haW50YWluZXJzIGZvciB0aGUgY2FsbGVy cyBvZiB0aGUgTFNNIGhvb2sgcHJlZmVyIGEgbWVhbmluZ2Z1bApMU00gaG9vayBuYW1lLiDCoFRo ZSAibnVsbCIgYXJndW1lbnQgaXMgbm90IGFzIG11Y2ggb2YgYSBjb25jZXJuLiDCoE9ubHkKRXJp YyBzZWVtcyB0byBiZSBhc2tpbmcgZm9yIGEgc2VwYXJhdGUsIG5ldyBMU00gaG9vaywgd2l0aG91 dCB0aGUKIm51bGwiIGFyZ3VtZW50LgoKVW5sZXNzIHNvbWVvbmUgcmVhbGx5IG9iamVjdHMsIHRv IGFjY29tbW9kYXRlIEVyaWMgd2UnbGwgZGVmaW5lIGEgbmV3CkxTTSBob29rIG5hbWVkIHNlY3Vy aXR5X2tlcm5lbF9sb2FkX2RhdGEuIMKgRXJpYywgYXJlIHlvdSBwbGFubmluZyBvbgpBY2snaW5n IHBhdGNoZXMgMSAmIDI/CgpNaW1pCgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18Ka2V4ZWMgbWFpbGluZyBsaXN0CmtleGVjQGxpc3RzLmluZnJhZGVhZC5v cmcKaHR0cDovL2xpc3RzLmluZnJhZGVhZC5vcmcvbWFpbG1hbi9saXN0aW5mby9rZXhlYwo=