From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul@paul-moore.com>
Cc: john.johansen@canonical.com, selinux@vger.kernel.org,
James Morris <jmorris@namei.org>,
linux-security-module@vger.kernel.org, linux-audit@redhat.com,
casey.schaufler@intel.com, Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking
Date: Fri, 4 Sep 2020 14:35:46 -0700 [thread overview]
Message-ID: <1eeef766-405f-3800-c0cf-3eb008f9673e@schaufler-ca.com> (raw)
In-Reply-To: <CAHC9VhSh=r4w_3mZOUwmKN0UxCMxPNGKd=_vr_iGV06rvCNbSA@mail.gmail.com>
On 9/4/2020 1:08 PM, Paul Moore wrote:
> On Wed, Aug 26, 2020 at 11:07 AM Casey Schaufler <casey@schaufler-ca.com> wrote:
>> Change the data used in UDS SO_PEERSEC processing from a
>> secid to a more general struct lsmblob. Update the
>> security_socket_getpeersec_dgram() interface to use the
>> lsmblob. There is a small amount of scaffolding code
>> that will come out when the security_secid_to_secctx()
>> code is brought in line with the lsmblob.
>>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>> ---
>> include/linux/security.h | 7 +++++--
>> include/net/af_unix.h | 2 +-
>> include/net/scm.h | 8 +++++---
>> net/ipv4/ip_sockglue.c | 8 +++++---
>> net/unix/af_unix.c | 6 +++---
>> security/security.c | 18 +++++++++++++++---
>> 6 files changed, 34 insertions(+), 15 deletions(-)
> ...
>
>> diff --git a/include/net/af_unix.h b/include/net/af_unix.h
>> index f42fdddecd41..a86da0cb5ec1 100644
>> --- a/include/net/af_unix.h
>> +++ b/include/net/af_unix.h
>> @@ -36,7 +36,7 @@ struct unix_skb_parms {
>> kgid_t gid;
>> struct scm_fp_list *fp; /* Passed files */
>> #ifdef CONFIG_SECURITY_NETWORK
>> - u32 secid; /* Security ID */
>> + struct lsmblob lsmblob; /* Security LSM data */
> As mentioned in a previous revision, I remain concerned that this is
> going to become a problem due to the size limit on unix_skb_parms. I
> would need to redo the math to be certain, but if I recall correctly
> this would limit us to five LSMs assuming both that we don't need to
> grow the per-LSM size of lsmblob *and* the netdev folks don't decide
> to add more fields to the unix_skb_parms.
>
> I lost track of that earlier discussion so I'm not sure where it ended
> up, but if there is a viable alternative it might be a good idea to
> pursue it.
Stephen had concerns about the lifecycle management involved. He also
pointed out that I had taken a cowards way out when allocations failed.
That could result in unexpected behavior when an allocation failed.
Fixing that would have required a major re-write of the currently simple
UDS attribute code, which I suspect would be as hard a sell to netdev as
expanding the secid to a lsmblob. I also thought I'd gotten netdev on the
CC: for this patch, but it looks like I missed it.
I did start on the UDS attribute re-do, and discovered that I was going
to have to introduce new failure paths, and that it might not be possible
to maintain compatibility for all cases because of the new possibilities
of failure.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2020-09-04 21:38 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200826145247.10029-1-casey.ref@schaufler-ca.com>
2020-08-26 14:52 ` [PATCH v20 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2020-08-26 14:52 ` [PATCH v20 01/23] LSM: Infrastructure management of the sock security Casey Schaufler
2020-08-26 14:52 ` [PATCH v20 02/23] LSM: Create and manage the lsmblob data structure Casey Schaufler
2020-09-04 21:50 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 03/23] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2020-09-04 18:53 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 04/23] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2020-09-04 19:46 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 05/23] net: Prepare UDS for security module stacking Casey Schaufler
2020-09-03 16:28 ` James Morris
2020-09-04 20:08 ` Paul Moore
2020-09-04 21:35 ` Casey Schaufler [this message]
2020-09-04 21:53 ` Paul Moore
2020-09-04 23:58 ` Casey Schaufler
2020-09-05 13:25 ` Paul Moore
2020-09-05 18:13 ` Casey Schaufler
2020-09-05 19:05 ` John Johansen
2020-09-08 1:28 ` Stephen Smalley
2020-09-08 13:35 ` Stephen Smalley
2020-09-08 23:37 ` Casey Schaufler
2020-09-09 0:21 ` John Johansen
2020-09-09 13:19 ` Stephen Smalley
2020-09-09 18:19 ` Casey Schaufler
2020-09-09 18:33 ` John Johansen
2020-09-09 18:47 ` John Johansen
2020-09-10 14:11 ` Paul Moore
2020-09-09 0:17 ` John Johansen
2020-08-26 14:52 ` [PATCH v20 06/23] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2020-09-04 21:29 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 07/23] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2020-09-04 21:59 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 08/23] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2020-09-05 13:12 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 09/23] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2020-09-05 13:18 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 10/23] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2020-09-05 13:20 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 11/23] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2020-08-26 14:52 ` [PATCH v20 12/23] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2020-09-06 2:28 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 13/23] LSM: Specify which LSM to display Casey Schaufler
2020-08-26 14:52 ` [PATCH v20 14/23] LSM: Ensure the correct LSM context releaser Casey Schaufler
2020-09-06 2:45 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 15/23] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2020-08-26 14:52 ` [PATCH v20 16/23] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2020-09-06 2:55 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 17/23] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2020-09-06 3:11 ` Paul Moore
2020-09-08 10:46 ` Pablo Neira Ayuso
2020-08-26 14:52 ` [PATCH v20 18/23] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2020-09-06 3:27 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 19/23] LSM: Verify LSM display sanity in binder Casey Schaufler
2020-09-06 3:30 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes Casey Schaufler
2020-09-03 16:32 ` James Morris
2020-09-03 17:00 ` John Johansen
2020-09-03 21:49 ` Paul Moore
2020-09-06 16:32 ` Paul Moore
2020-08-26 14:52 ` [PATCH v20 21/23] Audit: Add a new record for multiple object " Casey Schaufler
2020-08-26 14:52 ` [PATCH v20 22/23] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2020-08-26 18:02 ` Randy Dunlap
2020-08-26 14:52 ` [PATCH v20 23/23] AppArmor: Remove the exclusive flag Casey Schaufler
2020-08-26 15:27 ` [PATCH v20 00/23] LSM: Module stacking for AppArmor Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1eeef766-405f-3800-c0cf-3eb008f9673e@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=linux-audit@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).