From: jannh@google.com (Jann Horn)
To: linux-security-module@vger.kernel.org
Subject: [kernel-hardening] [PATCH v1 1/1] Add Trusted Path Execution as a stackable LSM
Date: Sat, 3 Jun 2017 12:39:03 +0200 [thread overview]
Message-ID: <CAG48ez1W6Pwxuhc92OGvtmLQLE8XhXCJvZDoqDCMSODvtGUT_A@mail.gmail.com> (raw)
In-Reply-To: <20170603055351.16080-1-matt@nmatt.com>
On Sat, Jun 3, 2017 at 7:53 AM, Matt Brown <matt@nmatt.com> wrote:
> This patch was modified from Brad Spengler's Trusted Path Execution (TPE)
> feature in Grsecurity and also incorporates logging ideas from
> cormander's tpe-lkm.
>
> Modifications from the Grsecurity implementation of TPE were made to
> turn it into a stackable LSM using the existing LSM hook bprm_set_creds.
> Also, denial messages were improved by including the full path of the
> disallowed program. (This idea was taken from cormander's tpe-lkm)
[...]
> Threat Models:
[...]
> 2. Attacker on system replaces binary used by a privileged user with a
> malicious one
>
> * This situation arises when administrator of a system leaves a binary
> as world writable.
>
> * TPE is very effective against this threat model
How do you end up with world-writable binaries in $PATH?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-06-03 10:39 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-03 5:53 [PATCH v1 1/1] Add Trusted Path Execution as a stackable LSM Matt Brown
2017-06-03 6:33 ` Al Viro
2017-06-04 5:24 ` Matt Brown
2017-06-04 5:47 ` [kernel-hardening] " Eric Biggers
2017-06-04 12:43 ` Matt Brown
2017-06-04 6:51 ` Al Viro
2017-06-03 10:39 ` Jann Horn [this message]
2017-06-03 22:30 ` [kernel-hardening] " Matt Brown
2017-06-05 15:30 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAG48ez1W6Pwxuhc92OGvtmLQLE8XhXCJvZDoqDCMSODvtGUT_A@mail.gmail.com \
--to=jannh@google.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).