From: Igor Stoppa <igor.stoppa@gmail.com> To: Stephen Smalley <sds@tycho.nsa.gov>, willy@infradead.org, keescook@chromium.org, paul@paul-moore.com, mhocko@kernel.org, corbet@lwn.net Cc: labbott@redhat.com, david@fromorbit.com, rppt@linux.vnet.ibm.com, linux-security-module@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Igor Stoppa <igor.stoppa@huawei.com> Subject: Re: [PATCH 9/9] Protect SELinux initialized state with pmalloc Date: Tue, 24 Apr 2018 18:35:18 +0400 [thread overview] Message-ID: <34d804c6-8aea-52ee-41b8-139aaf188d80@gmail.com> (raw) In-Reply-To: <13ee6991-db48-d484-66a6-90de45fad2df@tycho.nsa.gov> On 24/04/18 16:49, Stephen Smalley wrote: > On 04/23/2018 08:54 AM, Igor Stoppa wrote: [...] >> The patch is probably in need of rework, to make it fit better with the >> new SELinux internal data structures, however it shows how to deny an >> easy target to the attacker. > > I know this is just an example, but not sure why you wouldn't just protect the > entire selinux_state. Because I have much more to discuss about SELinux, which would involve the whole state, the policyDB and the AVC I will start a separate thread about that. This was merely as simple as possible example of the use of the API. I just wanted to have a feeling about how it would be received :-) > Note btw that the selinux_state encapsulation is preparatory work > for selinux namespaces [1], at which point the structure is in fact dynamically allocated > and there can be multiple instances of it. That however is work-in-progress, highly experimental, > and might not ever make it upstream (if we can't resolve the various challenges it poses in a satisfactory > way). Yes, I am aware of this and I would like to discuss also in the light of the future directions. I just didn't want to waste too much time on something that you might want to change radically in a month :-) I already was caught once by surprise when ss_initalized disappeared just when I had a patch ready for it :-) -- igor
WARNING: multiple messages have this Message-ID (diff)
From: igor.stoppa@gmail.com (Igor Stoppa) To: linux-security-module@vger.kernel.org Subject: [PATCH 9/9] Protect SELinux initialized state with pmalloc Date: Tue, 24 Apr 2018 18:35:18 +0400 [thread overview] Message-ID: <34d804c6-8aea-52ee-41b8-139aaf188d80@gmail.com> (raw) In-Reply-To: <13ee6991-db48-d484-66a6-90de45fad2df@tycho.nsa.gov> On 24/04/18 16:49, Stephen Smalley wrote: > On 04/23/2018 08:54 AM, Igor Stoppa wrote: [...] >> The patch is probably in need of rework, to make it fit better with the >> new SELinux internal data structures, however it shows how to deny an >> easy target to the attacker. > > I know this is just an example, but not sure why you wouldn't just protect the > entire selinux_state. Because I have much more to discuss about SELinux, which would involve the whole state, the policyDB and the AVC I will start a separate thread about that. This was merely as simple as possible example of the use of the API. I just wanted to have a feeling about how it would be received :-) > Note btw that the selinux_state encapsulation is preparatory work > for selinux namespaces [1], at which point the structure is in fact dynamically allocated > and there can be multiple instances of it. That however is work-in-progress, highly experimental, > and might not ever make it upstream (if we can't resolve the various challenges it poses in a satisfactory > way). Yes, I am aware of this and I would like to discuss also in the light of the future directions. I just didn't want to waste too much time on something that you might want to change radically in a month :-) I already was caught once by surprise when ss_initalized disappeared just when I had a patch ready for it :-) -- igor -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-04-24 14:35 UTC|newest] Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-04-23 12:54 [RFC PATCH v23 0/6] mm: security: write protection for dynamic data Igor Stoppa 2018-04-23 12:54 ` [PATCH 1/9] struct page: add field for vm_struct Igor Stoppa 2018-04-23 12:54 ` [PATCH 2/9] vmalloc: rename llist field in vmap_area Igor Stoppa 2018-04-23 12:54 ` [PATCH 3/9] Protectable Memory Igor Stoppa 2018-04-23 12:54 ` [PATCH 4/9] Documentation for Pmalloc Igor Stoppa 2018-04-23 12:54 ` [PATCH 5/9] Pmalloc selftest Igor Stoppa 2018-04-23 12:54 ` [PATCH 6/9] lkdtm: crash on overwriting protected pmalloc var Igor Stoppa 2018-04-23 12:54 ` [PATCH 7/9] Pmalloc Rare Write: modify selected pools Igor Stoppa 2018-04-24 11:50 ` Matthew Wilcox 2018-04-24 12:32 ` lazytyped 2018-04-24 12:32 ` lazytyped 2018-04-24 12:39 ` Igor Stoppa 2018-04-24 12:39 ` Igor Stoppa 2018-04-24 14:44 ` Matthew Wilcox 2018-04-24 15:03 ` lazytyped 2018-04-24 15:03 ` lazytyped 2018-04-24 15:29 ` Igor Stoppa 2018-04-25 20:58 ` Igor Stoppa 2018-04-25 20:58 ` Igor Stoppa 2018-04-24 12:33 ` Igor Stoppa 2018-04-24 12:33 ` Igor Stoppa 2018-04-24 17:04 ` Igor Stoppa 2018-04-24 17:04 ` Igor Stoppa 2018-04-24 17:04 ` Igor Stoppa 2018-05-03 21:52 ` Correct way to access the physmap? - Was: " Igor Stoppa 2018-05-03 21:52 ` Igor Stoppa 2018-05-03 21:55 ` Dave Hansen 2018-05-03 21:55 ` Dave Hansen 2018-05-03 22:52 ` Igor Stoppa 2018-05-03 22:52 ` Igor Stoppa 2018-04-23 12:54 ` [PATCH 8/9] Preliminary self test for pmalloc rare write Igor Stoppa 2018-04-23 12:54 ` [PATCH 9/9] Protect SELinux initialized state with pmalloc Igor Stoppa 2018-04-24 5:58 ` kbuild test robot 2018-04-24 5:58 ` kbuild test robot 2018-04-24 12:49 ` Stephen Smalley 2018-04-24 12:49 ` Stephen Smalley 2018-04-24 14:35 ` Igor Stoppa [this message] 2018-04-24 14:35 ` Igor Stoppa
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=34d804c6-8aea-52ee-41b8-139aaf188d80@gmail.com \ --to=igor.stoppa@gmail.com \ --cc=corbet@lwn.net \ --cc=david@fromorbit.com \ --cc=igor.stoppa@huawei.com \ --cc=keescook@chromium.org \ --cc=kernel-hardening@lists.openwall.com \ --cc=labbott@redhat.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-security-module@vger.kernel.org \ --cc=mhocko@kernel.org \ --cc=paul@paul-moore.com \ --cc=rppt@linux.vnet.ibm.com \ --cc=sds@tycho.nsa.gov \ --cc=willy@infradead.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.