From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: <linux-security-module@vger.kernel.org>, <jmorris@namei.org>,
<keescook@chromium.org>, <john.johansen@canonical.com>,
<penguin-kernel@i-love.sakura.ne.jp>,
<stephen.smalley.work@gmail.com>, <linux-kernel@vger.kernel.org>,
<linux-api@vger.kernel.org>, <mic@digikod.net>
Subject: Re: [PATCH v7 04/11] LSM: syscalls for current process attributes
Date: Thu, 30 Mar 2023 07:24:19 -0400 [thread overview]
Message-ID: <1873242bbd8.28e3.85c95baa4474aabc7814e68940a78392@paul-moore.com> (raw)
In-Reply-To: <CAHC9VhRuKqaYD=WCzuuk4=+qFSvCjCEMEsPjAh9pQe-=LyMthA@mail.gmail.com>
On March 29, 2023 9:12:19 PM Paul Moore <paul@paul-moore.com> wrote:
> On Wed, Mar 15, 2023 at 6:48 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
...
>
>> +/**
>> + * security_setselfattr - Set an LSM attribute on the current process.
>> + * @attr: which attribute to set
>> + * @ctx: the user-space source for the information
>> + * @size: the size of the data
>> + * @flags: reserved for future use, must be 0
>> + *
>> + * Set an LSM attribute for the current process. The LSM, attribute
>> + * and new value are included in @ctx.
>> + *
>> + * Returns 0 on success, an LSM specific value on failure.
>> + */
>> +int security_setselfattr(unsigned int __user attr, struct lsm_ctx __user *ctx,
>> + size_t __user size, u32 __user flags)
>> +{
>> + struct security_hook_list *hp;
>> + struct lsm_ctx lctx;
>
> Shouldn't we check @attr for valid values and return -EINVAL if bogus?
>
>> + if (flags != 0)
>> + return -EINVAL;
>> + if (size < sizeof(*ctx))
>> + return -EINVAL;
>
> If we're only going to support on 'lsm_ctx' entry in this function we
> should verify that the 'len' and 'ctx_len' fields are sane. Although
> more on this below ...
>
>> + if (copy_from_user(&lctx, ctx, sizeof(*ctx)))
>> + return -EFAULT;
>> +
>> + hlist_for_each_entry(hp, &security_hook_heads.setselfattr, list)
>> + if ((hp->lsmid->id) == lctx.id)
>> + return hp->hook.setselfattr(attr, ctx, size, flags);
>
> Can anyone think of any good reason why we shouldn't support setting
> multiple LSMs in one call, similar to what we do with
> security_getselfattr()? It seems like it might be a nice thing to
> have ...
Scratch that, I just reminded myself why attempting to set an attribute on
multiple LSMs in one operation would be a nightmare. Sorry about the confusion.
--
paul-moore.com
next prev parent reply other threads:[~2023-03-30 11:24 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230315224704.2672-1-casey.ref@schaufler-ca.com>
2023-03-15 22:46 ` [PATCH v7 00/11] LSM: Three basic syscalls Casey Schaufler
2023-03-15 22:46 ` [PATCH v7 01/11] LSM: Identify modules by more than name Casey Schaufler
2023-03-30 1:10 ` Paul Moore
2023-03-15 22:46 ` [PATCH v7 02/11] LSM: Maintain a table of LSM attribute data Casey Schaufler
2023-03-22 15:30 ` kernel test robot
2023-03-30 1:10 ` Paul Moore
2023-03-15 22:46 ` [PATCH v7 03/11] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2023-03-15 22:46 ` [PATCH v7 04/11] LSM: syscalls for current process attributes Casey Schaufler
2023-03-16 12:35 ` kernel test robot
2023-03-30 1:12 ` Paul Moore
2023-03-30 11:24 ` Paul Moore [this message]
2023-03-30 20:00 ` Casey Schaufler
2023-03-30 23:22 ` Paul Moore
2023-04-03 12:04 ` Mickaël Salaün
2023-04-03 17:36 ` Casey Schaufler
2023-04-03 18:04 ` Mickaël Salaün
2023-04-03 18:28 ` Casey Schaufler
2023-04-11 0:31 ` Paul Moore
2023-03-15 22:46 ` [PATCH v7 05/11] LSM: Create lsm_list_modules system call Casey Schaufler
2023-03-30 1:12 ` Paul Moore
2023-04-03 12:04 ` Mickaël Salaün
2023-04-10 23:37 ` Paul Moore
2023-04-10 23:38 ` Paul Moore
2023-04-13 11:55 ` Mickaël Salaün
2023-03-15 22:46 ` [PATCH v7 06/11] LSM: wireup Linux Security Module syscalls Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 07/11] LSM: Helpers for attribute names and filling an lsm_ctx Casey Schaufler
2023-03-30 1:13 ` Paul Moore
2023-03-30 20:42 ` Casey Schaufler
2023-03-30 23:28 ` Paul Moore
2023-03-31 16:56 ` Casey Schaufler
2023-03-31 19:24 ` Paul Moore
2023-03-31 20:22 ` Casey Schaufler
2023-04-03 9:47 ` Mickaël Salaün
2023-04-03 9:54 ` Mickaël Salaün
2023-04-03 11:47 ` Mickaël Salaün
2023-04-03 18:04 ` Casey Schaufler
2023-04-03 18:03 ` Casey Schaufler
2023-04-03 18:06 ` Mickaël Salaün
2023-04-03 18:33 ` Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 08/11] Smack: implement setselfattr and getselfattr hooks Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 09/11] AppArmor: Add selfattr hooks Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 10/11] SELinux: " Casey Schaufler
2023-03-30 1:13 ` Paul Moore
2023-03-30 20:55 ` Casey Schaufler
2023-03-30 23:32 ` Paul Moore
2023-03-15 22:47 ` [PATCH v7 11/11] LSM: selftests for Linux Security Module syscalls Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1873242bbd8.28e3.85c95baa4474aabc7814e68940a78392@paul-moore.com \
--to=paul@paul-moore.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).