From: Igor Stoppa <igor.stoppa@gmail.com>
To: Stephen Smalley <sds@tycho.nsa.gov>,
willy@infradead.org, keescook@chromium.org, paul@paul-moore.com,
mhocko@kernel.org, corbet@lwn.net
Cc: labbott@redhat.com, david@fromorbit.com, rppt@linux.vnet.ibm.com,
linux-security-module@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com,
Igor Stoppa <igor.stoppa@huawei.com>
Subject: Re: [PATCH 9/9] Protect SELinux initialized state with pmalloc
Date: Tue, 24 Apr 2018 18:35:18 +0400 [thread overview]
Message-ID: <34d804c6-8aea-52ee-41b8-139aaf188d80@gmail.com> (raw)
In-Reply-To: <13ee6991-db48-d484-66a6-90de45fad2df@tycho.nsa.gov>
On 24/04/18 16:49, Stephen Smalley wrote:
> On 04/23/2018 08:54 AM, Igor Stoppa wrote:
[...]
>> The patch is probably in need of rework, to make it fit better with the
>> new SELinux internal data structures, however it shows how to deny an
>> easy target to the attacker.
>
> I know this is just an example, but not sure why you wouldn't just protect the
> entire selinux_state.
Because I have much more to discuss about SELinux, which would involve
the whole state, the policyDB and the AVC
I will start a separate thread about that. This was merely as simple as
possible example of the use of the API.
I just wanted to have a feeling about how it would be received :-)
> Note btw that the selinux_state encapsulation is preparatory work
> for selinux namespaces [1], at which point the structure is in fact dynamically allocated
> and there can be multiple instances of it. That however is work-in-progress, highly experimental,
> and might not ever make it upstream (if we can't resolve the various challenges it poses in a satisfactory
> way).
Yes, I am aware of this and I would like to discuss also in the light of
the future directions.
I just didn't want to waste too much time on something that you might
want to change radically in a month :-)
I already was caught once by surprise when ss_initalized disappeared
just when I had a patch ready for it :-)
--
igor
WARNING: multiple messages have this Message-ID (diff)
From: igor.stoppa@gmail.com (Igor Stoppa)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 9/9] Protect SELinux initialized state with pmalloc
Date: Tue, 24 Apr 2018 18:35:18 +0400 [thread overview]
Message-ID: <34d804c6-8aea-52ee-41b8-139aaf188d80@gmail.com> (raw)
In-Reply-To: <13ee6991-db48-d484-66a6-90de45fad2df@tycho.nsa.gov>
On 24/04/18 16:49, Stephen Smalley wrote:
> On 04/23/2018 08:54 AM, Igor Stoppa wrote:
[...]
>> The patch is probably in need of rework, to make it fit better with the
>> new SELinux internal data structures, however it shows how to deny an
>> easy target to the attacker.
>
> I know this is just an example, but not sure why you wouldn't just protect the
> entire selinux_state.
Because I have much more to discuss about SELinux, which would involve
the whole state, the policyDB and the AVC
I will start a separate thread about that. This was merely as simple as
possible example of the use of the API.
I just wanted to have a feeling about how it would be received :-)
> Note btw that the selinux_state encapsulation is preparatory work
> for selinux namespaces [1], at which point the structure is in fact dynamically allocated
> and there can be multiple instances of it. That however is work-in-progress, highly experimental,
> and might not ever make it upstream (if we can't resolve the various challenges it poses in a satisfactory
> way).
Yes, I am aware of this and I would like to discuss also in the light of
the future directions.
I just didn't want to waste too much time on something that you might
want to change radically in a month :-)
I already was caught once by surprise when ss_initalized disappeared
just when I had a patch ready for it :-)
--
igor
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-04-24 14:35 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-23 12:54 [RFC PATCH v23 0/6] mm: security: write protection for dynamic data Igor Stoppa
2018-04-23 12:54 ` [PATCH 1/9] struct page: add field for vm_struct Igor Stoppa
2018-04-23 12:54 ` [PATCH 2/9] vmalloc: rename llist field in vmap_area Igor Stoppa
2018-04-23 12:54 ` [PATCH 3/9] Protectable Memory Igor Stoppa
2018-04-23 12:54 ` [PATCH 4/9] Documentation for Pmalloc Igor Stoppa
2018-04-23 12:54 ` [PATCH 5/9] Pmalloc selftest Igor Stoppa
2018-04-23 12:54 ` [PATCH 6/9] lkdtm: crash on overwriting protected pmalloc var Igor Stoppa
2018-04-23 12:54 ` [PATCH 7/9] Pmalloc Rare Write: modify selected pools Igor Stoppa
2018-04-24 11:50 ` Matthew Wilcox
2018-04-24 12:32 ` lazytyped
2018-04-24 12:32 ` lazytyped
2018-04-24 12:39 ` Igor Stoppa
2018-04-24 12:39 ` Igor Stoppa
2018-04-24 14:44 ` Matthew Wilcox
2018-04-24 15:03 ` lazytyped
2018-04-24 15:03 ` lazytyped
2018-04-24 15:29 ` Igor Stoppa
2018-04-25 20:58 ` Igor Stoppa
2018-04-25 20:58 ` Igor Stoppa
2018-04-24 12:33 ` Igor Stoppa
2018-04-24 12:33 ` Igor Stoppa
2018-04-24 17:04 ` Igor Stoppa
2018-04-24 17:04 ` Igor Stoppa
2018-04-24 17:04 ` Igor Stoppa
2018-05-03 21:52 ` Correct way to access the physmap? - Was: " Igor Stoppa
2018-05-03 21:52 ` Igor Stoppa
2018-05-03 21:55 ` Dave Hansen
2018-05-03 21:55 ` Dave Hansen
2018-05-03 22:52 ` Igor Stoppa
2018-05-03 22:52 ` Igor Stoppa
2018-04-23 12:54 ` [PATCH 8/9] Preliminary self test for pmalloc rare write Igor Stoppa
2018-04-23 12:54 ` [PATCH 9/9] Protect SELinux initialized state with pmalloc Igor Stoppa
2018-04-24 5:58 ` kbuild test robot
2018-04-24 5:58 ` kbuild test robot
2018-04-24 12:49 ` Stephen Smalley
2018-04-24 12:49 ` Stephen Smalley
2018-04-24 14:35 ` Igor Stoppa [this message]
2018-04-24 14:35 ` Igor Stoppa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=34d804c6-8aea-52ee-41b8-139aaf188d80@gmail.com \
--to=igor.stoppa@gmail.com \
--cc=corbet@lwn.net \
--cc=david@fromorbit.com \
--cc=igor.stoppa@huawei.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mhocko@kernel.org \
--cc=paul@paul-moore.com \
--cc=rppt@linux.vnet.ibm.com \
--cc=sds@tycho.nsa.gov \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.