From: Paul Moore
Date: Wed, 26 May 2021 16:45:36 -0400
Subject: Re: [RFC PATCH 7/9] lsm,io_uring: add LSM hooks to io_uring
To: Stefan Metzmacher
Cc: Jens Axboe, selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-audit@redhat.com, Kumar Kartikeya Dwivedi, linux-fsdevel@vger.kernel.org, io-uring@vger.kernel.org, Alexander Viro
List-Id: Linux Audit Discussion

On Wed, May 26, 2021 at 10:48 AM Stefan Metzmacher wrote:
>
> Hi Paul,

Hi Stefan.

> > #define CREATE_TRACE_POINTS
> > #include
> >
> > @@ -6537,6 +6538,11 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
> > if (!req->work.creds)
> > return -EINVAL;
> > get_cred(req->work.creds);
> > + ret = security_uring_override_creds(req->work.creds);
> > + if (ret) {
> > + put_cred(req->work.creds);
> > + return ret;
> > + }
>
> Why are you calling this per request, shouldn't this be done in
> io_register_personality()?

Generally speaking it is more interesting to see when user alice tries
to impersonate bob and not when bob registers his ID as available to
use by others. We could always add an LSM hook to control when bob
registers his ID, but I think the impersonation is the critical code
path. However, if I'm misunderstanding how this works in io_uring
please correct me.

> I'm also not sure if this really gains anything as io_register_personality()
> only captures the value of get_current_cred(), so the process already has changed to
> the credentials (at least once for the io_uring_register(IORING_REGISTER_PERSONALITY)
> call).
>
> metze

--
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
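Review bot: in the io_init_req() hunk, the failure path calls put_cred(req->work.creds) to drop the reference just taken by get_cred(req->work.creds) but leaves req->work.creds pointing at that credential; if the caller's cleanup for a non-zero return from io_init_req() also releases req->work.creds, that is a double put. Either clear the pointer before returning (`put_cred(req->work.creds); req->work.creds = NULL; return ret;`) or leave the reference for the caller's existing teardown, and say in the commit message which side owns it. It is also worth stating in the commit message that, with this placement, security_uring_override_creds() runs on the submission path for every SQE that carries a personality, since that is the trade-off being questioned in the thread.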