From: Dmitry Vyukov <dvyukov@google.com>
To: Paul Moore <paul@paul-moore.com>,
jmorris@namei.org, mjg59@srcf.ucam.org,
linux-security-module <linux-security-module@vger.kernel.org>,
nathanl@linux.ibm.com
Cc: syzkaller <syzkaller@googlegroups.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Subject: LOCK_DOWN_FORCE_INTEGRITY_FOR_FUZZING?
Date: Tue, 14 Mar 2023 11:02:16 +0100 [thread overview]
Message-ID: <CACT4Y+Z-9KCgKwkktvdJwNJZxxeA1f74zkP7KD6c=OmKXxXfjw@mail.gmail.com> (raw)
Hi Lockdown maintainers,
We don't enable Lockdown integrity mode on syzbot during fuzzing, but
we would like to. The main problem is the restriction of debugfs,
which we need for fuzzing. But we do duplicate some of its
restrictions (e.g. DEVKMEM=n).
It come up again recently in the context of discussion of memory
corruptions when a mounted blocked device is being written to by root:
https://lore.kernel.org/all/CACT4Y+b1vGfe0Uvp6YmKahK4GfCfvdBLCh0SAQzGgWN1s6A+0Q@mail.gmail.com/
It looks like this restriction of writing to mounted block devices
should be part of integrity lockdown (but I am not an expert).
What do you think about the addition of a new level that is integrity
but with debug fs access?
LOCKDOWN_RTAS_ERROR_INJECTION also looks like it's in the same bucket
of "fine for testing".
At least for us it is OK if it can be enabled only via kernel config
(no cmd line) and named accordingly
(TEST_ONLY_DONT_ENABLE_IN_PRODUCTION).
If we have it, we could restrict writing to mounted devices in
integrity mode and enable this mode on syzbot.
Thanks
next reply other threads:[~2023-03-14 10:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-14 10:02 Dmitry Vyukov [this message]
2023-03-17 15:20 ` LOCK_DOWN_FORCE_INTEGRITY_FOR_FUZZING? Nathan Lynch
2023-03-17 15:27 ` LOCK_DOWN_FORCE_INTEGRITY_FOR_FUZZING? Dmitry Vyukov
2023-03-18 6:31 ` LOCK_DOWN_FORCE_INTEGRITY_FOR_FUZZING? Tetsuo Handa
2023-03-20 20:36 ` LOCK_DOWN_FORCE_INTEGRITY_FOR_FUZZING? Paul Moore
2023-03-21 9:57 ` LOCK_DOWN_FORCE_INTEGRITY_FOR_FUZZING? Dmitry Vyukov
2023-03-21 19:41 ` LOCK_DOWN_FORCE_INTEGRITY_FOR_FUZZING? Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACT4Y+Z-9KCgKwkktvdJwNJZxxeA1f74zkP7KD6c=OmKXxXfjw@mail.gmail.com' \
--to=dvyukov@google.com \
--cc=jmorris@namei.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=nathanl@linux.ibm.com \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.