From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_2 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47397C2D0C2 for ; Tue, 31 Dec 2019 17:15:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2340C206E4 for ; Tue, 31 Dec 2019 17:15:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727054AbfLaRPI (ORCPT ); Tue, 31 Dec 2019 12:15:08 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:31260 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726060AbfLaRPI (ORCPT ); Tue, 31 Dec 2019 12:15:08 -0500 Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xBVHE3mj105298 for ; Tue, 31 Dec 2019 12:15:07 -0500 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 2x6n49yq5j-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 31 Dec 2019 12:15:06 -0500 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 31 Dec 2019 17:15:04 -0000 Received: from b06cxnps4076.portsmouth.uk.ibm.com (9.149.109.198) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 31 Dec 2019 17:15:00 -0000 Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xBVHExP854657256 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Dec 2019 17:14:59 GMT Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9A11BA4054; Tue, 31 Dec 2019 17:14:59 +0000 (GMT) Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 54DF2A405C; Tue, 31 Dec 2019 17:14:58 +0000 (GMT) Received: from localhost.localdomain (unknown [9.85.184.68]) by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP; Tue, 31 Dec 2019 17:14:58 +0000 (GMT) Subject: Re: [PATCH v12 03/25] LSM: Use lsmblob in security_audit_rule_match From: Mimi Zohar To: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, Matthew Garrett Cc: keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, sds@tycho.nsa.gov Date: Tue, 31 Dec 2019 12:14:57 -0500 In-Reply-To: <20191224231915.7208-4-casey@schaufler-ca.com> References: <20191224231915.7208-1-casey@schaufler-ca.com> <20191224231915.7208-4-casey@schaufler-ca.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19123117-0008-0000-0000-000003458448 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19123117-0009-0000-0000-00004A65B6AB Message-Id: <1577812497.5874.97.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-12-31_05:2019-12-30,2019-12-31 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 adultscore=0 impostorscore=0 mlxscore=0 mlxlogscore=999 clxscore=1015 priorityscore=1501 bulkscore=0 malwarescore=0 phishscore=0 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912310149 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org [Cc'ing Matthew Garret based on the additional bprm call to process_measurement() - commit d906c10d8a31 ("IMA: Support using new creds in appraisal policy")] On Tue, 2019-12-24 at 15:18 -0800, Casey Schaufler wrote: > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c > index f19a895ad7cd..193ddd55420b 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -414,6 +414,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, > for (i = 0; i < MAX_LSM_RULES; i++) { > int rc = 0; > u32 osid; > + struct lsmblob blob; > > if (!rule->lsm[i].rule) > continue; > @@ -423,7 +424,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, > case LSM_OBJ_ROLE: > case LSM_OBJ_TYPE: > security_inode_getsecid(inode, &osid); > - rc = security_filter_rule_match(osid, > + lsmblob_init(&blob, osid); > + rc = security_filter_rule_match(&blob, > rule->lsm[i].type, > Audit_equal, > rule->lsm[i].rule); > @@ -431,7 +433,8 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, > case LSM_SUBJ_USER: > case LSM_SUBJ_ROLE: > case LSM_SUBJ_TYPE: > - rc = security_filter_rule_match(secid, > + lsmblob_init(&blob, secid); > + rc = security_filter_rule_match(&blob, On the bprm hook, IMA calls process_measurement() twice.  The first time the secid is passed as an argument based on a call to security_task_getsecid(), while the second time it is based on security_cred_getsecid().  process_measurement() passes the correct secid converted to a blob, but instead of using the passed variable, this code uses the locally defined blob field.  A later patch removes the the lsmblob_init(), leaving the local blob uninitialized.  Something is terribly wrong here. Mimi > rule->lsm[i].type, > Audit_equal, > rule->lsm[i].rule); >