linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul@paul-moore.com>
Cc: casey.schaufler@intel.com, James Morris <jmorris@namei.org>,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
	keescook@chromium.org, john.johansen@canonical.com,
	penguin-kernel@i-love.sakura.ne.jp,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH v15 05/23] net: Prepare UDS for security module stacking
Date: Mon, 9 Mar 2020 17:13:23 -0700	[thread overview]
Message-ID: <50b463c1-1ff1-caad-3e4c-6e822e1c4a7a@schaufler-ca.com> (raw)
In-Reply-To: <CAHC9VhQzSqbEh_RN3zqnhOqVMCjrKwGhyBXnYb8Du4LUq7=txQ@mail.gmail.com>

On 3/6/2020 2:14 PM, Paul Moore wrote:
> On Fri, Feb 14, 2020 at 6:42 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>> Change the data used in UDS SO_PEERSEC processing from a
>> secid to a more general struct lsmblob. Update the
>> security_socket_getpeersec_dgram() interface to use the
>> lsmblob. There is a small amount of scaffolding code
>> that will come out when the security_secid_to_secctx()
>> code is brought in line with the lsmblob.
>>
>> Reviewed-by: Kees Cook <keescook@chromium.org>
>> Reviewed-by: John Johansen <john.johansen@canonical.com>
>> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>> cc: netdev@vger.kernel.org
>> ---
>>  include/linux/security.h |  7 +++++--
>>  include/net/af_unix.h    |  2 +-
>>  include/net/scm.h        |  8 +++++---
>>  net/ipv4/ip_sockglue.c   |  8 +++++---
>>  net/unix/af_unix.c       |  6 +++---
>>  security/security.c      | 18 +++++++++++++++---
>>  6 files changed, 34 insertions(+), 15 deletions(-)
> ...
>
>> diff --git a/include/net/af_unix.h b/include/net/af_unix.h
>> index 17e10fba2152..59af08ca802f 100644
>> --- a/include/net/af_unix.h
>> +++ b/include/net/af_unix.h
>> @@ -36,7 +36,7 @@ struct unix_skb_parms {
>>         kgid_t                  gid;
>>         struct scm_fp_list      *fp;            /* Passed files         */
>>  #ifdef CONFIG_SECURITY_NETWORK
>> -       u32                     secid;          /* Security ID          */
>> +       struct lsmblob          lsmblob;        /* Security LSM data    */
>>  #endif
>>         u32                     consumed;
>>  } __randomize_layout;
> This might be a problem.  As it currently stands, the sk_buff.cb field
> is 48 bytes; with CONFIG_SECURITY_NETWORK=n unix_skb_parms is 28 bytes
> on a 64-bit system.  That leaves 20 bytes (room for 5 LSMs) assuming a
> tight packing *and* that netdev doesn't swoop in and drop another few
> fields in unix_skb_parms.
>
> This may work now, and you might manage to sneak this by the netdev
> crowd, but I predict problems in the future.

Do you think that making this a struct lsmblob * instead would make
the change more likely to be accepted? It would complicate the code
but remove the issue.
 



  reply	other threads:[~2020-03-10  0:13 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20200214234203.7086-1-casey.ref@schaufler-ca.com>
2020-02-14 23:41 ` [PATCH v15 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 01/23] LSM: Infrastructure management of the sock security Casey Schaufler
2020-03-06 20:37     ` Paul Moore
2020-02-14 23:41   ` [PATCH v15 02/23] LSM: Create and manage the lsmblob data structure Casey Schaufler
2020-02-18 17:56     ` Stephen Smalley
2020-02-24 17:56     ` Mimi Zohar
2020-02-14 23:41   ` [PATCH v15 03/23] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2020-02-24 18:26     ` Mimi Zohar
2020-02-14 23:41   ` [PATCH v15 04/23] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2020-03-06 22:06     ` Paul Moore
2020-02-14 23:41   ` [PATCH v15 05/23] net: Prepare UDS for security module stacking Casey Schaufler
2020-03-06 22:14     ` Paul Moore
2020-03-10  0:13       ` Casey Schaufler [this message]
2020-03-10  1:02         ` Paul Moore
2020-02-14 23:41   ` [PATCH v15 06/23] Use lsmblob in security_secctx_to_secid Casey Schaufler
2020-03-07  0:58     ` Paul Moore
2020-03-10  1:13       ` Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 07/23] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 08/23] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 09/23] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 10/23] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 11/23] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 12/23] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 13/23] LSM: Specify which LSM to display Casey Schaufler
2020-03-07  1:49     ` Paul Moore
2020-02-14 23:41   ` [PATCH v15 14/23] LSM: Ensure the correct LSM context releaser Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 15/23] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 16/23] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 17/23] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2020-03-07  2:06     ` Paul Moore
2020-02-14 23:41   ` [PATCH v15 18/23] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2020-03-07  2:14     ` Paul Moore
2020-03-10  1:21       ` Casey Schaufler
2020-02-14 23:41   ` [PATCH v15 19/23] LSM: Verify LSM display sanity in binder Casey Schaufler
2020-02-14 23:42   ` [PATCH v15 20/23] Audit: Add subj_LSM fields when necessary Casey Schaufler
2020-02-14 23:42   ` [PATCH v15 21/23] Audit: Include object data for all security modules Casey Schaufler
2020-02-14 23:42   ` [PATCH v15 22/23] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2020-02-18 18:17     ` Stephen Smalley
2020-02-14 23:42   ` [PATCH v15 23/23] AppArmor: Remove the exclusive flag Casey Schaufler
2020-02-18 18:19     ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50b463c1-1ff1-caad-3e4c-6e822e1c4a7a@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=casey.schaufler@intel.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=keescook@chromium.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).