* [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
@ 2019-04-12 11:04 Tetsuo Handa
2019-04-22 13:06 ` Tetsuo Handa
2019-04-29 20:07 ` James Morris
0 siblings, 2 replies; 5+ messages in thread
From: Tetsuo Handa @ 2019-04-12 11:04 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module, Tetsuo Handa, syzbot, syzbot, syzbot
syzbot is reporting kernel panic triggered by memory allocation fault
injection before loading TOMOYO's policy [1]. To make the fuzzing tests
useful, we need to assign a profile other than "disabled" (no-op) mode.
Therefore, let's allow syzbot to load TOMOYO's built-in policy for
"learning" mode using a kernel config option. This option must not be
enabled for kernels built for production system, for this option also
disables domain/program checks when modifying policy configuration via
/sys/kernel/security/tomoyo/ interface.
[1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95
Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
Reported-by: syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>
Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/tomoyo/Kconfig | 10 ++++++++++
security/tomoyo/common.c | 13 ++++++++++++-
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/security/tomoyo/Kconfig b/security/tomoyo/Kconfig
index 404dce6..a00ab7e 100644
--- a/security/tomoyo/Kconfig
+++ b/security/tomoyo/Kconfig
@@ -74,3 +74,13 @@ config SECURITY_TOMOYO_ACTIVATION_TRIGGER
You can override this setting via TOMOYO_trigger= kernel command line
option. For example, if you pass init=/bin/systemd option, you may
want to also pass TOMOYO_trigger=/bin/systemd option.
+
+config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
+ bool "Use insecure built-in settings for fuzzing tests."
+ default n
+ depends on SECURITY_TOMOYO
+ select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
+ help
+ Enabling this option forces minimal built-in policy and disables
+ domain/program checks for run-time policy modifications. Please enable
+ this option only if this kernel is built for doing fuzzing tests.
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 57988d9..dd3d594 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -940,7 +940,7 @@ static bool tomoyo_manager(void)
const char *exe;
const struct task_struct *task = current;
const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
- bool found = false;
+ bool found = IS_ENABLED(CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING);
if (!tomoyo_policy_loaded)
return true;
@@ -2810,6 +2810,16 @@ void tomoyo_check_profile(void)
*/
void __init tomoyo_load_builtin_policy(void)
{
+#ifdef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
+ static char tomoyo_builtin_profile[] __initdata =
+ "PROFILE_VERSION=20150505\n"
+ "0-CONFIG={ mode=learning grant_log=no reject_log=yes }\n";
+ static char tomoyo_builtin_exception_policy[] __initdata =
+ "aggregator proc:/self/exe /proc/self/exe\n";
+ static char tomoyo_builtin_domain_policy[] __initdata = "";
+ static char tomoyo_builtin_manager[] __initdata = "";
+ static char tomoyo_builtin_stat[] __initdata = "";
+#else
/*
* This include file is manually created and contains built-in policy
* named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
@@ -2817,6 +2827,7 @@ void __init tomoyo_load_builtin_policy(void)
* "tomoyo_builtin_stat" in the form of "static char [] __initdata".
*/
#include "builtin-policy.h"
+#endif
u8 i;
const int idx = tomoyo_read_lock();
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
2019-04-12 11:04 [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing Tetsuo Handa
@ 2019-04-22 13:06 ` Tetsuo Handa
2019-04-22 22:52 ` James Morris
2019-04-29 20:07 ` James Morris
1 sibling, 1 reply; 5+ messages in thread
From: Tetsuo Handa @ 2019-04-22 13:06 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module
James, will you apply this patch and
"[PATCH 3/3] tomoyo: Check address length before reading address family" and
"[PATCH] tomoyo: Change pathname calculation for read-only filesystems." ?
On 2019/04/12 20:04, Tetsuo Handa wrote:
> syzbot is reporting kernel panic triggered by memory allocation fault
> injection before loading TOMOYO's policy [1]. To make the fuzzing tests
> useful, we need to assign a profile other than "disabled" (no-op) mode.
> Therefore, let's allow syzbot to load TOMOYO's built-in policy for
> "learning" mode using a kernel config option. This option must not be
> enabled for kernels built for production system, for this option also
> disables domain/program checks when modifying policy configuration via
> /sys/kernel/security/tomoyo/ interface.
>
> [1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95
>
> Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
> Reported-by: syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>
> Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
> security/tomoyo/Kconfig | 10 ++++++++++
> security/tomoyo/common.c | 13 ++++++++++++-
> 2 files changed, 22 insertions(+), 1 deletion(-)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
2019-04-22 13:06 ` Tetsuo Handa
@ 2019-04-22 22:52 ` James Morris
2019-04-23 10:44 ` Tetsuo Handa
0 siblings, 1 reply; 5+ messages in thread
From: James Morris @ 2019-04-22 22:52 UTC (permalink / raw)
To: Tetsuo Handa; +Cc: linux-security-module
On Mon, 22 Apr 2019, Tetsuo Handa wrote:
> James, will you apply this patch and
> "[PATCH 3/3] tomoyo: Check address length before reading address family" and
> "[PATCH] tomoyo: Change pathname calculation for read-only filesystems." ?
On the 2nd one, did we see any feedback from Al?
>
> On 2019/04/12 20:04, Tetsuo Handa wrote:
> > syzbot is reporting kernel panic triggered by memory allocation fault
> > injection before loading TOMOYO's policy [1]. To make the fuzzing tests
> > useful, we need to assign a profile other than "disabled" (no-op) mode.
> > Therefore, let's allow syzbot to load TOMOYO's built-in policy for
> > "learning" mode using a kernel config option. This option must not be
> > enabled for kernels built for production system, for this option also
> > disables domain/program checks when modifying policy configuration via
> > /sys/kernel/security/tomoyo/ interface.
> >
> > [1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95
> >
> > Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
> > Reported-by: syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>
> > Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com>
> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > ---
> > security/tomoyo/Kconfig | 10 ++++++++++
> > security/tomoyo/common.c | 13 ++++++++++++-
> > 2 files changed, 22 insertions(+), 1 deletion(-)
>
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
2019-04-22 22:52 ` James Morris
@ 2019-04-23 10:44 ` Tetsuo Handa
0 siblings, 0 replies; 5+ messages in thread
From: Tetsuo Handa @ 2019-04-23 10:44 UTC (permalink / raw)
To: James Morris; +Cc: linux-security-module
On 2019/04/23 7:52, James Morris wrote:
> On Mon, 22 Apr 2019, Tetsuo Handa wrote:
>
>> James, will you apply this patch and
>> "[PATCH 3/3] tomoyo: Check address length before reading address family" and
>> "[PATCH] tomoyo: Change pathname calculation for read-only filesystems." ?
>
> On the 2nd one, did we see any feedback from Al?
>
Not yet. I wonder he has any comment...
But I believe there is no reason to delay this patch and
"[PATCH 3/3] tomoyo: Check address length before reading address family" patch
because these two patches are needed for avoiding crashes by syzbot's testing.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing.
2019-04-12 11:04 [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing Tetsuo Handa
2019-04-22 13:06 ` Tetsuo Handa
@ 2019-04-29 20:07 ` James Morris
1 sibling, 0 replies; 5+ messages in thread
From: James Morris @ 2019-04-29 20:07 UTC (permalink / raw)
To: Tetsuo Handa; +Cc: linux-security-module, syzbot, syzbot, syzbot
On Fri, 12 Apr 2019, Tetsuo Handa wrote:
> syzbot is reporting kernel panic triggered by memory allocation fault
> injection before loading TOMOYO's policy [1]. To make the fuzzing tests
> useful, we need to assign a profile other than "disabled" (no-op) mode.
> Therefore, let's allow syzbot to load TOMOYO's built-in policy for
> "learning" mode using a kernel config option. This option must not be
> enabled for kernels built for production system, for this option also
> disables domain/program checks when modifying policy configuration via
> /sys/kernel/security/tomoyo/ interface.
>
> [1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95
>
> Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
> Reported-by: syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>
> Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
> security/tomoyo/Kconfig | 10 ++++++++++
> security/tomoyo/common.c | 13 ++++++++++++-
> 2 files changed, 22 insertions(+), 1 deletion(-)
>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-tomoyo
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-04-29 20:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-12 11:04 [PATCH (resend)] tomoyo: Add a kernel config option for fuzzing testing Tetsuo Handa
2019-04-22 13:06 ` Tetsuo Handa
2019-04-22 22:52 ` James Morris
2019-04-23 10:44 ` Tetsuo Handa
2019-04-29 20:07 ` James Morris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.