From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org, James Morris <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
linux-security-module <linux-security-module@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
Dmitry Vyukov <dvyukov@google.com>
Subject: Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized
Date: Wed, 24 Mar 2021 20:20:39 +0900 [thread overview]
Message-ID: <05ca20d0-9596-152e-4da2-1ffe28c52055@i-love.sakura.ne.jp> (raw)
In-Reply-To: <37aeaf361bfbd800e29db761f5160f2ce1869298.camel@linux.ibm.com>
On 2021/03/24 20:10, Mimi Zohar wrote:
> On Wed, 2021-03-24 at 19:10 +0900, Tetsuo Handa wrote:
>> On 2021/03/24 1:13, Mimi Zohar wrote:
>>> On Wed, 2021-03-24 at 00:14 +0900, Tetsuo Handa wrote:
>>>> On 2021/03/23 23:47, Mimi Zohar wrote:
>>>>> Initially I also questioned making "integrity" an LSM. Perhaps it's
>>>>> time to reconsider. For now, it makes sense to just fix the NULL
>>>>> pointer dereferencing.
>>>>
>>>> Do we think calling panic() as "fix the NULL pointer dereferencing" ?
>>>
>>> Not supplying "integrity" as an "lsm=" option is a user error. There
>>> are only two options - allow or deny the caller to proceed. If the
>>> user is expecting the integrity subsystem to be properly working,
>>> returning a NULL and allowing the system to boot (RFC patch version)
>>> does not make sense. Better to fail early.
>>
>> What does the "user" mean? Those who load the vmlinux?
>> Only the "root" user (so called administrators)?
>> Any users including other than "root" user?
>>
>> If the user means those who load the vmlinux, that user is explicitly asking
>> for disabling "integrity" for some reason. In that case, it is a bug if
>> booting with "integrity" disabled is impossible.
>>
>> If the user means something other than those who load the vmlinux,
>> is there a possibility that that user (especially non "root" users) is
>> allowed to try to use "integrity" ? If processes other than global init
>> process can try to use "integrity", wouldn't it be a DoS attack vector?
>> Please explain in the descripotion why calling panic() does not cause
>> DoS attack vector.
>
> User in this case, is anyone rebooting the system and is intentionally
> changing the default values, dropping the "integrity" option on the
> boot command line.
OK. Then, I expect that the system boots instead of calling panic().
That user is explicitly asking for disabling "integrity" for some reason.
next prev parent reply other threads:[~2021-03-24 11:21 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-19 20:03 [RFC PATCH 1/2] ima: don't access a file's integrity status before an IMA policy is loaded Mimi Zohar
2021-03-19 20:03 ` [RFC PATCH 2/2] integrity: double check iint_cache was initialized Mimi Zohar
2021-03-22 7:10 ` Tetsuo Handa
2021-03-22 7:53 ` Dmitry Vyukov
2021-03-23 1:46 ` Tetsuo Handa
2021-03-23 12:09 ` Mimi Zohar
2021-03-23 13:37 ` Tetsuo Handa
2021-03-23 14:01 ` Tetsuo Handa
2021-03-23 14:47 ` Mimi Zohar
2021-03-23 15:14 ` Tetsuo Handa
2021-03-23 16:13 ` Mimi Zohar
2021-03-24 10:10 ` Tetsuo Handa
2021-03-24 11:10 ` Mimi Zohar
2021-03-24 11:20 ` Tetsuo Handa [this message]
2021-03-24 11:37 ` Dmitry Vyukov
2021-03-24 11:49 ` Mimi Zohar
2021-03-24 11:58 ` Dmitry Vyukov
2021-03-24 12:17 ` Mimi Zohar
2021-03-24 15:56 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=05ca20d0-9596-152e-4da2-1ffe28c52055@i-love.sakura.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=dvyukov@google.com \
--cc=ebiggers@kernel.org \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).