From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Kees Cook <keescook@chromium.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
"Luis R. Rodriguez" <mcgrof@suse.com>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Kexec Mailing List <kexec@lists.infradead.org>,
David Howells <dhowells@redhat.com>,
linux-security-module <linux-security-module@vger.kernel.org>,
Eric Biederman <ebiederm@xmission.com>,
David Woodhouse <dwmw2@infradead.org>,
linux-modules@vger.kernel.org
Subject: Re: [PATCH v3 00/22] vfs: support for a common kernel file loader
Date: Thu, 04 Feb 2016 18:54:56 -0500
Message-ID: <1454630096.2648.14.camel@linux.vnet.ibm.com>
In-Reply-To: <CAGXu5jKve+Lcm+m69L_hGDWtL67H8ndJLq+MpRNVsF9N0-buAw@mail.gmail.com>
On Thu, 2016-02-04 at 10:15 -0800, Kees Cook wrote:
> On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > For a while it was looked down upon to directly read files from Linux.
> > These days there exist a few mechanisms in the kernel that do just this
> > though to load a file into a local buffer. There are minor but important
> > check differences in each, we should take all the best practices from
> > each of them, generalize them and make all places in the kernel that
> > read a file use it.[1]
> >
> > One difference is the method for opening the file. In some cases we
> > have a file, while in other cases we have a pathname or a file descriptor.
> >
> > Another difference is the security hook calls, or lack of them. In
> > some versions there is a post file read hook, while in others there
> > is a pre file read hook.
> >
> > This patch set attempts to resolve these differences. It does not attempt
> > to merge the different methods of opening a file, but defines a single
> > common kernel file read function with two wrappers. In addition, as none
> > of the upstreamed LSMs define either a kernel_module_from_file or a
> > kernel_fw_from_file hook, this patch set removes these hooks and the
> > associated functions. The ima_module_check() and ima_fw_from_file()
> > functions are renamed and called from the pre and post kernel_read_file
> > security functions respectively.
>
> I'm very happy about the pre and post hooks; this solves the primary
> problem I'd had when comparing the firmware and module hooks. Thanks!
Thank you for reviewing the patches!
> Once this series is in -next, I'll resend my rebased "loadpin" LSM.
I was looking for this reference when writing the patch description for
modules, but couldn't remember it. Commit 2e72d51 "security: introduce
kernel_module_from_file hook" patch description references Chrome OS.
Thanks!
Mimi
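A userspace model of the read sequence the cover letter describes (pre-read hook, bounded copy into a fresh buffer, post-read hook on that buffer), added here as an example; it is not code from the series or from the kernel. The enum values, the in-memory `struct kfile`, the `/trusted/` prefix rule, the expected digest and the use of FNV-1a in place of IMA's cryptographic hash are all constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Constructed stand-in for the kernel_read_file_id enumeration of patch 08. */
enum kernel_read_file_id { READING_FIRMWARE, READING_MODULE, READING_POLICY };
/* Constructed in-memory "file": this example has no VFS to open. */
struct kfile { const char *path; const unsigned char *data; size_t size; };

/* Pre-read hook (assumed, loadpin-style): judges the file before any byte is
 * read, from its origin and the read id alone. */
static int pre_read_hook(const struct kfile *f, enum kernel_read_file_id id)
{
    (void)id;
    return strncmp(f->path, "/trusted/", 9) == 0 ? 0 : -EPERM;
}

/* FNV-1a stands in for IMA's cryptographic digest; not collision resistant. */
uint64_t fnv1a(const void *p, size_t n)
{
    const unsigned char *b = p; uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 1099511628211ULL; }
    return h;
}
uint64_t expected_policy_digest; /* constructed: what a signature check would yield */

/* Post-read hook (assumed, IMA-style): appraises the buffer the kernel will
 * actually use, so the on-disk file changing afterwards cannot matter. */
static int post_read_hook(const void *buf, size_t size, enum kernel_read_file_id id)
{
    if (id != READING_POLICY) return 0;
    return fnv1a(buf, size) == expected_policy_digest ? 0 : -EACCES;
}

/* Common reader: pre hook, bounded copy into a fresh buffer, post hook. */
int kernel_read_file(const struct kfile *f, void **buf, size_t *size,
                     size_t max_size, enum kernel_read_file_id id)
{
    int rc = pre_read_hook(f, id);
    if (rc) return rc;
    if (max_size && f->size > max_size) return -EFBIG;
    *buf = malloc(f->size);
    if (!*buf) return -ENOMEM;
    memcpy(*buf, f->data, f->size);
    *size = f->size;
    rc = post_read_hook(*buf, *size, id);
    if (rc) { free(*buf); *buf = NULL; *size = 0; }
    return rc;
}
```

A rejected post-read appraisal frees the buffer before returning, so a caller never sees content that failed the check.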