From: Luis Chamberlain <mcgrof@kernel.org>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>
Cc: zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
eric.snowberg@oracle.com, corbet@lwn.net, petr.pavlu@suse.com,
samitolvanen@google.com, da.gomez@samsung.com,
akpm@linux-foundation.org, paul@paul-moore.com,
jmorris@namei.org, serge@hallyn.com, shuah@kernel.org,
mcoquelin.stm32@gmail.com, alexandre.torgue@foss.st.com,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
linux-modules@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kselftest@vger.kernel.org, wufan@linux.microsoft.com,
pbrobinson@gmail.com, zbyszek@in.waw.pl, hch@lst.de,
mjg59@srcf.ucam.org, pmatilai@redhat.com, jannh@google.com,
dhowells@redhat.com, jikos@kernel.org, mkoutny@suse.com,
ppavlu@suse.com, petr.vorel@gmail.com, mzerqung@0pointer.de,
kgold@linux.ibm.com, Roberto Sassu <roberto.sassu@huawei.com>
Subject: Re: [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers
Date: Tue, 26 Nov 2024 11:04:31 -0800 [thread overview]
Message-ID: <Z0Ybvzy7ianR-Sx9@bombadil.infradead.org> (raw)
In-Reply-To: <d428a5d926d695ebec170e98463f7501a1b00793.camel@huaweicloud.com>
On Tue, Nov 26, 2024 at 11:25:07AM +0100, Roberto Sassu wrote:
> On Mon, 2024-11-25 at 15:53 -0800, Luis Chamberlain wrote:
>
> Firmware, eBPF programs and so on are supposed
Keyword: "supposed".
> As far as the LSM infrastructure is concerned, I'm not adding new LSM
> hooks, nor extending/modifying the existing ones. The operations the
> Integrity Digest Cache is doing match the usage expectation by LSM (net
> denying access, as discussed with Paul Moore).
If modules are the only proven exception to your security model you are
not making the case for it clearly.
> The Integrity Digest Cache is supposed to be used as a supporting tool
> for other LSMs to do regular access control based on file data and
> metadata integrity. In doing that, it still needs the LSM
> infrastructure to notify about filesystem changes, and to store
> additional information in the inode and file descriptor security blobs.
>
> The kernel_post_read_file LSM hook should be implemented by another LSM
> to verify the integrity of a digest list, when the Integrity Digest
> Cache calls kernel_read_file() to read that digest list.
If LSM folks *do* agree that this work is *suplementing* LSMS then sure,
it was not clear from the commit logs. But then you need to ensure the
parsers are special snowflakes which won't ever incur other additional
kernel_read_file() calls.
> Supporting kernel modules opened the road for new deadlocks, since one
> can ask a digest list to verify a kernel module, but that digest list
> requires the same kernel module. That is why the in-kernel mechanism is
> 100% reliable,
Are users of this infrastructure really in need of modules for these
parsers?
Luis
next prev parent reply other threads:[~2024-11-26 19:04 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-19 10:49 [PATCH v6 00/15] integrity: Introduce the Integrity Digest Cache Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 01/15] lib: Add TLV parser Roberto Sassu
2024-11-19 16:51 ` Randy Dunlap
2025-01-21 13:29 ` Thomas Weißschuh
2025-01-21 13:48 ` Roberto Sassu
2025-01-21 14:21 ` Thomas Weißschuh
2025-01-21 14:29 ` Roberto Sassu
2025-01-21 14:55 ` Roberto Sassu
2025-01-21 21:42 ` Thomas Weißschuh
2024-11-19 10:49 ` [PATCH v6 02/15] module: Introduce ksys_finit_module() Roberto Sassu
2024-11-19 12:14 ` Christoph Hellwig
2024-11-19 14:33 ` Roberto Sassu
2024-11-19 20:10 ` Luis Chamberlain
2024-11-20 9:16 ` Roberto Sassu
2024-11-20 9:18 ` Roberto Sassu
2024-11-25 23:40 ` Luis Chamberlain
2024-11-26 7:56 ` Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 03/15] integrity: Introduce the Integrity Digest Cache Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 04/15] digest_cache: Initialize digest caches Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 05/15] digest_cache: Add securityfs interface Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 06/15] digest_cache: Add hash tables and operations Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 07/15] digest_cache: Allow registration of digest list parsers Roberto Sassu
2024-11-19 16:46 ` Randy Dunlap
2024-11-19 16:48 ` Roberto Sassu
2024-11-25 23:53 ` Luis Chamberlain
2024-11-26 10:25 ` Roberto Sassu
2024-11-26 19:04 ` Luis Chamberlain [this message]
2024-11-27 9:51 ` Roberto Sassu
2024-11-27 19:53 ` Luis Chamberlain
2024-11-28 8:23 ` Roberto Sassu
2024-11-28 20:40 ` Luis Chamberlain
2024-11-29 8:30 ` Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 08/15] digest_cache: Parse tlv digest lists Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 09/15] digest_cache: Populate the digest cache from a digest list Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 10/15] digest_cache: Add management of verification data Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 11/15] digest_cache: Add support for directories Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 12/15] digest cache: Prefetch digest lists if requested Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 13/15] digest_cache: Reset digest cache on file/directory change Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 14/15] selftests/digest_cache: Add selftests for the Integrity Digest Cache Roberto Sassu
2024-11-19 10:49 ` [PATCH v6 15/15] docs: Add documentation of " Roberto Sassu
2024-11-19 20:03 ` [PATCH v6 00/15] integrity: Introduce " Luis Chamberlain
2024-11-26 0:13 ` Eric Snowberg
2024-11-26 10:41 ` Roberto Sassu
2024-12-03 20:06 ` Eric Snowberg
2024-12-04 10:44 ` Roberto Sassu
2024-12-05 0:57 ` Eric Snowberg
2024-12-05 8:53 ` Roberto Sassu
2024-12-05 16:16 ` Roberto Sassu
2024-12-05 19:41 ` Eric Snowberg
2024-12-06 10:06 ` Roberto Sassu
2024-12-06 15:15 ` Eric Snowberg
2024-12-06 15:26 ` Roberto Sassu
2024-11-27 17:30 ` Dr. Greg
2024-11-27 17:56 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z0Ybvzy7ianR-Sx9@bombadil.infradead.org \
--to=mcgrof@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alexandre.torgue@foss.st.com \
--cc=corbet@lwn.net \
--cc=da.gomez@samsung.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=hch@lst.de \
--cc=jannh@google.com \
--cc=jikos@kernel.org \
--cc=jmorris@namei.org \
--cc=kgold@linux.ibm.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mcoquelin.stm32@gmail.com \
--cc=mjg59@srcf.ucam.org \
--cc=mkoutny@suse.com \
--cc=mzerqung@0pointer.de \
--cc=paul@paul-moore.com \
--cc=pbrobinson@gmail.com \
--cc=petr.pavlu@suse.com \
--cc=petr.vorel@gmail.com \
--cc=pmatilai@redhat.com \
--cc=ppavlu@suse.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=samitolvanen@google.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=wufan@linux.microsoft.com \
--cc=zbyszek@in.waw.pl \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).