linux-security-module.vger.kernel.org archive mirror
From: Tamir Carmeli <carmeli.tamir@gmail.com>
To: casey@schaufler-ca.com
Cc: linux-security-module@vger.kernel.org
Subject: Re: LSM hook for module loading and unloading
Date: Tue, 4 Dec 2018 00:23:51 +0200
Message-ID: <CAKxm1-GmS5zYh3W_Fz+XxrrF37p-ciqno_2BwCjz=hqOn1Xvqw@mail.gmail.com>
In-Reply-To: <8a74fb14-47bf-3415-2742-bec56b19e6f6@schaufler-ca.com>

Thanks for the reference for loadpin - I didn't know this module before.

I understand that unloading a module is a pretty far-fetched security
risk. I have one use case I think might be worth a shot: An exploit in
the module unloading flow or in a vulnerable process that unloads a
module enables an attacker to unload one of the iptable_filter modules
before some user space process adds an ip filter, and by that, enables
network traffic that otherwise would have been blocked.

Again, this is pretty far-fetched, but an attacker that unloads a
module that contributes to the system security might hurt the system
security.

On Mon, Dec 3, 2018 at 6:13 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> On 12/1/2018 7:49 AM, Tamir Carmeli wrote:
> > Hi,
> > I believe that this is the right place to ask the question, but if it
> > isn't please let me know of a better forum to ask.
>
> This is the right list.
>
> > Is there a reason why LSM hooks for kernel module deletion and loading
> > don't exist? (for delete_module syscall and load_module kernel
> > function)
>
> security_kernel_load_data() is the hook for loading.
>
> > Is there some design problem I'm not aware of, or whether the
> > necessity hasn't come up from any of the mainline LSMs?
>
> No one has seen the need for a hook during unload.
>
> > I'm considering to write such patch, and I'd like to hear reasons for
> > why it might be a bad idea.
>
> To what end? Look at the Loadpin security module in security/loadpin
> for one approach to protecting module loading.
>
> > Thanks.
>
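As the thread notes, there is no LSM hook on the unload path, so a defender who wants visibility into module removal has to get it elsewhere. The script below is an added example, not code from the thread or from the kernel: it assumes an auditd rule of the form `auditctl -a always,exit -F arch=b64 -S init_module -S finit_module -S delete_module -k kmod_change` is in place, and it runs over a few constructed SYSCALL records in that format to pick out delete_module attempts (syscall 176 on x86_64, arch=c000003e) and report who made them and whether they succeeded.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the thread or a real host).
# Their shape follows what auditd writes for a -S delete_module rule keyed
# "kmod_change". Syscall 313 = finit_module, 176 = delete_module, 1 = write
# on x86_64. exit=-16 is EBUSY, what rmmod gets for an in-use module.
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1543875831.123:4001): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=7ffd0 a2=0 a3=0 items=0 ppid=1 pid=2201 auid=1000 uid=0 gid=0 comm="modprobe" exe="/usr/sbin/modprobe" key="kmod_change"
type=SYSCALL msg=audit(1543875900.456:4002): arch=c000003e syscall=176 success=yes exit=0 a0=55d0 a1=800 a2=0 a3=0 items=0 ppid=1 pid=2345 auid=1000 uid=0 gid=0 comm="rmmod" exe="/usr/sbin/rmmod" key="kmod_change"
type=SYSCALL msg=audit(1543875901.789:4003): arch=c000003e syscall=176 success=no exit=-16 a0=55d0 a1=800 a2=0 a3=0 items=0 ppid=1 pid=2346 auid=1000 uid=0 gid=0 comm="rmmod" exe="/usr/sbin/rmmod" key="kmod_change"
type=SYSCALL msg=audit(1543875950.000:4004): arch=c000003e syscall=1 success=yes exit=5 a0=1 a1=0 a2=5 a3=0 items=0 ppid=1 pid=2400 auid=1000 uid=1000 gid=1000 comm="cat" exe="/usr/bin/cat" key="other"'

# Read audit records on stdin; print one line per delete_module attempt with
# the epoch timestamp, pid, comm and success flag. Only x86_64 records are
# considered, since the syscall number is architecture specific. The module
# name itself is not in the SYSCALL record (a0 is a user pointer to it), so
# correlating with the PROCTITLE record is left to the reader.
module_unload_events() {
    awk '
    /^type=SYSCALL / && /arch=c000003e/ && /syscall=176 / {
        ts = ""; pid = ""; comm = ""; ok = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "msg") {
                ts = kv[2]
                sub(/^audit\(/, "", ts)
                sub(/:[0-9]+\):$/, "", ts)
            } else if (kv[1] == "pid") {
                pid = kv[2]
            } else if (kv[1] == "comm") {
                comm = kv[2]
                gsub(/"/, "", comm)
            } else if (kv[1] == "success") {
                ok = kv[2]
            }
        }
        printf "%s pid=%s comm=%s success=%s\n", ts, pid, comm, ok
    }'
}

# Number of delete_module attempts seen on stdin (successful or not).
count_unload_attempts() {
    module_unload_events | awk 'END { print NR }'
}

# Number of delete_module calls on stdin that actually removed a module.
count_unload_successes() {
    module_unload_events | grep 'success=yes' | awk 'END { print NR }'
}

# Stand-alone run over the constructed sample: two attempts, one successful.
printf '%s\n' "$SAMPLE_AUDIT_LOG" | module_unload_events
```

On a live system the input would be `ausearch -k kmod_change --raw` or the raw `/var/log/audit/audit.log`; a failed attempt (success=no) from an unexpected comm or auid is usually the more interesting signal, since a successful unload of a filtering module leaves no trace in the module list afterwards.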
