From: Linus Torvalds <torvalds@linux-foundation.org>
To: Paul Moore <paul@paul-moore.com>
Cc: SElinux list <selinux@vger.kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] SELinux fixes for v5.15 (#1)
Date: Wed, 22 Sep 2021 16:43:37 -0700 [thread overview]
Message-ID: <CAHk-=whoExoB6xGD0as0kpfwr38B=W7GRkO2NXWDRW-tmQS6Qw@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhSZp1-Qi7ApoQHauaFXDgoNaFTwFEieEFFuBtdPqAtXQg@mail.gmail.com>
On Wed, Sep 22, 2021 at 2:40 PM Paul Moore <paul@paul-moore.com> wrote:
>
> The basic idea, or problem from a LSM point of view, is that in some
> cases you have a user task which is doing the lockdown access check
> and in others you have the kernel itself
I don't understand. In that case, it would be a boolean for "kernel vs user".
But that's not what it is. It literally seems to care about _which_
user, and looks at cred_sid().
This is what makes no sense to me. If it's about lockdown,. then the
user is immaterial. Either it's locked down, or it's not.
Yeah, yeah, clearly that isn't how it works. Something is very rotten
in the state of lockdown. But that rottenness shouldn't then be
exposed as a horrible interface.
Why has selinux allowed the SID to be an issue for SECCLASS_LOCKDOWN at all?
And why is selinux foceing it's very odd and arguably completely
misguided "lockdown" logic onto the security layer?
Yes, using "current_sid()" in selinux_lockdown() is clearly wrong,
since it's not sensible in an interrupt, but lockdown questions are.
But why isn't that just considered a selinux bug, and that
u32 sid = current_sid();
just replaced with something silly like
// lockdown is lockdown, user labeling isn't relevant
u32 sid = SECINITSID_UNLABELED;
and solve that issue that way? Just say that lockdown cannot depend on
who is asking for it.
Linus
next prev parent reply other threads:[~2021-09-22 23:44 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-17 1:14 [GIT PULL] SELinux fixes for v5.15 (#1) Paul Moore
2021-09-22 17:57 ` Paul Moore
2021-09-22 20:55 ` Linus Torvalds
2021-09-22 21:10 ` Linus Torvalds
2021-09-22 21:40 ` Paul Moore
2021-09-22 23:43 ` Linus Torvalds [this message]
2021-09-23 15:43 ` Paul Moore
2021-09-23 15:53 ` Linus Torvalds
2021-09-23 17:13 ` Paul Moore
2021-09-23 17:29 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whoExoB6xGD0as0kpfwr38B=W7GRkO2NXWDRW-tmQS6Qw@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).