From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <jmorris@namei.org>,
	Eric Paris <eparis@parisplace.org>
Subject: Re: [PATCH BUGFIX -rc3] Smack: Don't register smackfs if we're not loaded
Date: Tue, 4 Mar 2008 20:24:03 +0200
Message-ID: <20080304182403.GA9792@ubuntu>
In-Reply-To: <alpine.LFD.1.00.0803040920080.12253@woody.linux-foundation.org>

Hi Linus,

[Adding SELinux devs to CC list, please follow to the SELinux point.]

On Tue, Mar 04, 2008 at 09:21:19AM -0800, Linus Torvalds wrote:
> 
> 
> On Tue, 4 Mar 2008, Ahmed S. Darwish wrote:
> > 
> > Smackfs initialization without an enabled Smack leads to
> > an early Oops that renders the system unusable.
> 
> I really think this is bogus. Global enables like this are just wrong, and 
> a sign that something else bad is going on.
> 
> What is the oops? Why does it happen?
> 

The problem occurs when Smack is built into the kernel but not chosen
to register itself on boot. Smack was not chosen on boot because of either
security=AnotherLSM or security=NonExistentLSM.

In all cases, init_smk_fs(), which registers smackfs, got called
because it's an __initcall(init_smack_fs).
This includes the cases where smack __was not__ chosen on boot.

Making smackfs mountable when Smack is not registered leads to:

1- an Oops by dereferencing the NULL security pointer: current->security (*)

2- Smackfs code got executed though naturally all the code assumes
   that smack is already registered with the security system leading
   to several problems.

3- The bogus idea of having a subsystem interface available when the
   subsystem itself is not available!

So the global is used in init_smk_fs to not register smackfs if
Smack wasn't enabled on boot.

---- SELinux:

I think the SELinux folks faced the same problem too. In my first 
local iteration of the security= parameter patch, I forgot to set 
`selinux_disable = 1' if SELinux wasn't chosen on boot.

This led to dozens of SELinux Udev events and also led to selinuxfs 
being available even though SELinux hooks _weren't_ registered.

Regards,

(*) 
    Could not save the oops because it occurred too early, but
    it was like this:

    __init_call
    init_smk_fs(void)
    smk_unlbl_ambient(NULL)
    /* 
     * Here: current->security = NULL, because SMACK initial setup
     * was not executed.
     */
    smack_to_secid(current->security) 
    strncmp(.., current->security, ..) 
    
-- 

"Better to light a candle, than curse the darkness"

Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
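
A user-space C model of the ordering problem described in the mail above, added here as an illustration; it is not the patch under discussion and not kernel code. The model_* names, the "_" label and the -1 return that stands in for the oops are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed user-space model; names echo the mail but this is not kernel code. */
struct task { const char *security; };   /* stands in for current->security */
static struct task init_task;            /* security stays NULL until an LSM sets it */
static struct task *current_task = &init_task;
static int smack_enabled;                /* the global flag the mail describes */
static int smackfs_registered;

/* LSM init stand-in: only the LSM named by security= sets up its state. */
static void model_smack_init(const char *chosen)
{
    if (strcmp(chosen, "smack") != 0)
        return;                          /* another or a nonexistent LSM was requested */
    current_task->security = "_";        /* constructed initial label */
    smack_enabled = 1;
}

/* Models smk_unlbl_ambient(NULL) -> smack_to_secid(current->security). */
static int model_unlbl_ambient(void)
{
    if (current_task->security == NULL)
        return -1;                       /* the kernel would oops in strncmp() here */
    return 0;
}

/* __initcall stand-in; guarded == 0 models the code before the fix. */
static int model_init_smk_fs(int guarded)
{
    if (guarded && !smack_enabled)
        return 0;                        /* Smack not loaded: do not register smackfs */
    smackfs_registered = 1;
    return model_unlbl_ambient();
}

/* One simulated boot with the given security= value; returns the initcall result. */
static int model_boot(const char *chosen, int guarded)
{
    init_task.security = NULL;
    smack_enabled = 0;
    smackfs_registered = 0;
    model_smack_init(chosen);
    return model_init_smk_fs(guarded);
}

int main(void)
{
    printf("unguarded, security=selinux: %d\n", model_boot("selinux", 0));
    printf("guarded,   security=selinux: %d\n", model_boot("selinux", 1));
    return 0;
}
```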

