* security patches / lsm
From: Nico Schottelius @ 2004-01-22 19:11 UTC
To: Linux Kernel Mailing List

Hello!

What about the LSM framework in the kernel and the arguments at
http://www.rsbac.org/lsm.htm
http://www.grsecurity.net/lsm.php
?

Are you working together with those maintainers to enable their patches?

Greetings,

Nico

ps: please CC, I am not subscribed

--
Keep it simple & stupid, use what's available.
pgp: 8D0E E27A | Nico Schottelius
http://nerd-hosting.net | http://linux.schottelius.org
* Re: security patches / lsm
From: Chris Wright @ 2004-01-22 23:09 UTC
To: Nico Schottelius, Linux Kernel Mailing List

* Nico Schottelius (nico-kernel@schottelius.org) wrote:
> What about the LSM framework in the kernel and the arguments at
> http://www.rsbac.org/lsm.htm
> http://www.grsecurity.net/lsm.php

It's been fairly functional for something as comprehensive as SELinux,
and supports other users as well, LIDS, DTE come to mind. There are
probably some improvements we could make from a few of the complaints
from these projects, however they haven't contacted the lsm list in years.

> Are you working together with those maintainers to enable their
> patches?

No. They've both said they don't want to spend any time on such
endeavor. I think it would be time well spent, perhaps you'd like to
help?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
* Re: security patches / lsm
From: Nico Schottelius @ 2004-06-09 9:03 UTC
To: Chris Wright, Amon Ott; +Cc: Linux Kernel Mailing List, dev

Sorry for the late answer!

For me it looks like rsbac and grsecurity could get included in 2.6.

It looks like Amon did the work necessary to integrate it into 2.6.
(have a look at http://www.rsbac.org/).

And grsecurity also works nice with 2.6
(http://www.grsecurity.net/download.php).

Who decides whether to integrate them or not?

Nico

Chris Wright [Thu, Jan 22, 2004 at 03:09:37PM -0800]:
> * Nico Schottelius (nico-kernel@schottelius.org) wrote:
> > What about the LSM framework in the kernel and the arguments at
> > http://www.rsbac.org/lsm.htm
> > http://www.grsecurity.net/lsm.php
>
> It's been fairly functional for something as comprehensive as SELinux,
> and supports other users as well, LIDS, DTE come to mind. There are
> probably some improvements we could make from a few of the complaints
> from these projects, however they haven't contacted the lsm list in years.
>
> > Are you working together with those maintainers to enable their
> > patches?
>
> No. They've both said they don't want to spend any time on such
> endeavor. I think it would be time well spent, perhaps you'd like to
> help?
>
> thanks,
> -chris
> --
> Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net

--
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nerd-hosting.net | http://nico.schotteli.us
* Re: security patches / lsm
From: GCS @ 2004-06-09 11:22 UTC
To: Nico Schottelius, Chris Wright, Amon Ott, Linux Kernel Mailing List, dev

* Nico Schottelius <nico-kernel@schottelius.org> [2004-06-09 11:03:46 +0200]:
> Who decides whether to integrate them or not?

Linus? AFAIK he already said no to grsecurity.

/GCS
* Re: security patches / lsm
From: Nico Schottelius @ 2004-06-09 11:46 UTC
To: GCS
Cc: Nico Schottelius, Chris Wright, Amon Ott, Linux Kernel Mailing List, dev

GCS [Wed, Jun 09, 2004 at 01:22:35PM +0200]:
> * Nico Schottelius <nico-kernel@schottelius.org> [2004-06-09 11:03:46 +0200]:
>
> > Who decides whether to integrate them or not?
> Linus? AFAIK he already said no to grsecurity.

I heard about that, but I wanted to know whether this statement is still
true. I think with grsecurity you get a great security enhanced kernel.

And if the performance is really getting worse, why not add grsecurity
patches with #ifdef GRSECURITY_ENABLED?

Nico

--
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nerd-hosting.net | http://nico.schotteli.us
* Re: security patches / lsm
From: Olaf Hering @ 2004-06-09 12:37 UTC
To: Nico Schottelius, GCS, Chris Wright, Amon Ott, Linux Kernel Mailing List, dev

On Wed, Jun 09, Nico Schottelius wrote:
> And if the performance is really getting worse, why not add grsecurity
> patches with #ifdef GRSECURITY_ENABLED?

This is the kernel, not XFree86.

--
USB is for mice, FireWire is for men!
sUse lINUX ag, nÜRNBERG
* Re: security patches / lsm
From: Valdis.Kletnieks @ 2004-06-09 16:28 UTC
To: Nico Schottelius; +Cc: Linux Kernel Mailing List, dev

On Wed, 09 Jun 2004 13:46:15 +0200, Nico Schottelius said:
> I heard about that, but I wanted to know whether this statement is still
> true. I think with grsecurity you get a great security enhanced kernel.

grsecurity is also an incredibly intrusive patch, and as of last week Brad
Spengler was dropping continuing support due to time/financial issues.

The Grsecurity stuff breaks down into several pieces:

1) The PaX stuff, which is more intrusive than the RedHat exec-shield patch
and doesn't buy us an obviously higher level of security - the major thing
that PaX does that exec-shield doesn't is prevent calling mprotect() on a
previously writable page to make it executable. Note that mprotect() can be
handled via an LSM exit as well, so that's an alternate route to take. Note
that the PaX stuff requires a patch to binutils and recompiling/relinking
everything to take full advantage of it (OK, exec-shield does as well, but
has the advantage that the GNU_PT_STACK stuff has already been pushed
upstream). Either way, we still have the Wine problem... ;)

2) For better or worse, SELinux and LSM are already in the base kernel, so
Brad's ACL stuff is a duplication of effort. Feel free to drag that along
yourself, but any perceived benefit of Brad's ACL system is outweighed (in
my book at least) by the fact that SELinux is being actively worked into
things like Fedora, Suse, and Debian.

3) A bunch of things like hardening /tmp symlinks and chroot jails, which
are just as doable via an LSM module - I posted a "first cut" a while back,
and I'll probably put out another one very shortly that incorporates all
the helpful feedback I got over on the SELinux and LSM lists (Thanks,
guys! ;)

4) When I looked at it, the remainder was basically just PID randomization
and some network randomization tweaks (again, I posted a first-cut, and
will probably post another shortly incorporating suggestions I got).

That's my take on it, for what it's worth...
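The W^X rule from point 1 above (refusing an mprotect() that turns a previously writable page executable), as an added user-space model of the decision an LSM mprotect hook could make. This is not code from the thread, from PaX/grsecurity or from the LSM project; the struct, the function names and the symmetric "executable may not become writable" rule are assumptions made for the demonstration.

```c
#include <errno.h>
#include <sys/mman.h>

/* Added model, not kernel code: a user-space stand-in for the decision an
 * LSM mprotect hook would make to enforce "a mapping that is or ever was
 * writable may not become executable", plus the symmetric rule that
 * executable memory may not become writable. Names are assumptions. */
struct vma_model {
    unsigned long prot;   /* current PROT_* bits of the mapping */
    int was_writable;     /* sticky: set once the mapping has been PROT_WRITE */
};

/* Policy decision only, like an LSM hook: 0 allows, -EACCES denies. */
int wx_file_mprotect(const struct vma_model *vma, unsigned long reqprot)
{
    int want_exec  = (reqprot & PROT_EXEC) != 0;
    int want_write = (reqprot & PROT_WRITE) != 0;
    if (want_exec && want_write)               /* RWX in a single request */
        return -EACCES;
    if (want_exec && vma->was_writable)        /* W then X: the case PaX blocks */
        return -EACCES;
    if (want_write && (vma->prot & PROT_EXEC)) /* X then W: patching live code */
        return -EACCES;
    return 0;
}

/* mprotect() as the kernel would apply it after consulting the hook. */
int wx_mprotect(struct vma_model *vma, unsigned long reqprot)
{
    int rc = wx_file_mprotect(vma, reqprot);
    if (rc == 0) {
        vma->prot = reqprot;
        if (reqprot & PROT_WRITE)
            vma->was_writable = 1;
    }
    return rc;
}

/* Constructed JIT-style scenario: RW buffer, flip to RX, then try the
 * "make it read-only first" workaround. Returns how many requests were denied. */
int wx_jit_scenario(void)
{
    struct vma_model buf = { PROT_READ | PROT_WRITE, 1 };
    int denied = 0;
    denied += wx_mprotect(&buf, PROT_READ | PROT_EXEC) != 0;  /* denied */
    denied += wx_mprotect(&buf, PROT_READ) != 0;              /* allowed */
    denied += wx_mprotect(&buf, PROT_READ | PROT_EXEC) != 0;  /* still denied */
    return denied;                                            /* 2 */
}
```

The sticky `was_writable` flag is what distinguishes this from a plain "no RWX" check: dropping PROT_WRITE before requesting PROT_EXEC does not get around it.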
* Re: security patches / lsm
From: Greg KH @ 2004-06-09 14:15 UTC
To: Nico Schottelius, Chris Wright, Amon Ott, Linux Kernel Mailing List, dev

On Wed, Jun 09, 2004 at 11:03:46AM +0200, Nico Schottelius wrote:
> Sorry for the late answer!
>
> For me it looks like rsbac and grsecurity could get included in 2.6.
>
> It looks like Amon did the work necessary to integrate it into 2.6.
> (have a look at http://www.rsbac.org/).
>
> And grsecurity also works nice with 2.6
> (http://www.grsecurity.net/download.php).
>
> Who decides whether to integrate them or not?

They need to actually submit the patches for inclusion, which both groups
have not done.

thanks,

greg k-h
* Re: security patches / lsm
From: Chris Wright @ 2004-06-09 17:40 UTC
To: Nico Schottelius, Chris Wright, Amon Ott, Linux Kernel Mailing List, dev

* Nico Schottelius (nico-kernel@schottelius.org) wrote:
> Sorry for the late answer!
>
> For me it looks like rsbac and grsecurity could get included in 2.6.
>
> It looks like Amon did the work necessary to integrate it into 2.6.
> (have a look at http://www.rsbac.org/).
>
> And grsecurity also works nice with 2.6
> (http://www.grsecurity.net/download.php).
>
> Who decides whether to integrate them or not?

Ultimately, that's Linus, often with some input from the rest of
the community. Look, it's very simple. Create patches, submit for
public review, update according to feedback, resubmit, etc. The main
problem here is the patches above are invasive and considering where
we are in the 2.6 series (read: concerned utmost about stability) large
invasive patches aren't appropriate. Further, there's an infrastructure
designed to support some of the features in the above patchsets, LSM.
And the idle complaints that it's inadequate without engaging in dialog
or supplying patches don't work very far towards a solution.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
* Re: security patches / lsm
From: Nico Schottelius @ 2004-06-12 19:55 UTC
To: Chris Wright; +Cc: Nico Schottelius, Amon Ott, Linux Kernel Mailing List, dev

Chris Wright [Wed, Jun 09, 2004 at 10:40:25AM -0700]:
> * Nico Schottelius (nico-kernel@schottelius.org) wrote:
> > Sorry for the late answer!
> >
> > For me it looks like rsbac and grsecurity could get included in 2.6.
> >
> > It looks like Amon did the work necessary to integrate it into 2.6.
> > (have a look at http://www.rsbac.org/).
> >
> > And grsecurity also works nice with 2.6
> > (http://www.grsecurity.net/download.php).
> >
> > Who decides whether to integrate them or not?
>
> Ultimately, that's Linus, often with some input from the rest of
> the community. Look, it's very simple. Create patches, submit for
> public review, update according to feedback, resubmit, etc.

Thought so, too.

> The main
> problem here is the patches above are invasive and considering where
> we are in the 2.6 series (read: concerned utmost about stability) large
> invasive patches aren't appropriate.

Ok. So waiting for 2.7 is much more sensible.

> Further, there's an infrastructure
> designed to support some of the features in the above patchsets, LSM.

As stated by Amon and others, LSM seems not to be the perfect thing.

> And the idle complaints that it's inadequate without engaging in dialog
> or supplying patches don't work very far towards a solution.

Well, where do you think should we discuss that? I think Amon doesn't
avoid this discussion.

Have a nice rest-weekend,

Nico

--
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nerd-hosting.net | http://nico.schotteli.us