Subject: Re: [PATCH v1] LSM: Enable multiple calls to security_add_hooks() for the same LSM
From: Mickaël Salaün
To: Tetsuo Handa, Casey Schaufler, linux-kernel@vger.kernel.org, Kees Cook
Cc: james.l.morris@oracle.com, serge@hallyn.com, linux-security-module@vger.kernel.org
Date: Sun, 30 Apr 2017 11:35:26 +0200
Message-ID: <46eeb13f-db7f-68c4-0bf7-fddaaed5460c@digikod.net>
In-Reply-To: <201704301111.CFC52113.LFVFQJtFOOMHOS@I-love.SAKURA.ne.jp>
References: <20170429190257.27137-1-mic@digikod.net> <201704301111.CFC52113.LFVFQJtFOOMHOS@I-love.SAKURA.ne.jp>
List-ID: linux-kernel@vger.kernel.org
On 30/04/2017 04:11, Tetsuo Handa wrote:
> Casey Schaufler wrote:
>> On 4/29/2017 12:02 PM, Mickael Salaun wrote:
>>> Check if the registering LSM already registered hooks just before. This
>>> enables splitting hook declarations into multiple files without
>>> registering the same LSM name multiple times, starting from commit
>>> d69dece5f5b6 ("LSM: Add /sys/kernel/security/lsm").
>>
>> What's special about the previous registration? Keep it
>> simple and check if the name is already anywhere on the
>> list and only add it if it's not already there. I don't
>> see the advantage of:
>>
>> % cat /sys/kernel/security/lsm
>> capability,yama,spiffy,selinux,spiffy
>>
>> over
>> % cat /sys/kernel/security/lsm
>> capability,yama,spiffy,selinux
>>

That was my first thought, but then I realized that I don't see any use
case where an LSM would register hooks interleaved with other LSMs. I find
the current approach simpler because we only search from the end of the
string and we do not handle special cases (e.g. matching only a sub-name).
Moreover, this approach respects the semantics described in
Documentation/security/LSM.txt: "The list reflects the order in which
checks are made".

>
> - if (lsm_append(lsm, &lsm_names) < 0)
> + if (lsm && lsm_append(lsm, &lsm_names) < 0)
>
> in security_add_hooks()?
>

That was considered
[https://lkml.kernel.org/r/CAGXu5jJCvJ6-uZ=Kfhh3xD7UvaY+G99e9NXFMzvi=9OQzA6Ecg@mail.gmail.com]
but Kees and Casey seem to prefer the current approach.
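Review bot: the `lsm &&` guard in the proposed one-liner makes a call to security_add_hooks() with a NULL name silently skip lsm_append(), so whether an LSM appears in /sys/kernel/security/lsm comes to depend on which of its split registration calls passes the non-NULL name. If this alternative is taken instead of the "check the last entry" approach, that contract (exactly one call per LSM passes the name, the others pass NULL) should be stated in the security_add_hooks() kerneldoc, and the NULL case should not become a way to add hooks that never show up in the list at all.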
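To make the trade-off in the thread concrete, here is an added example (not the kernel's security/security.c, and not code from either patch) that models the two deduplication policies being debated in plain libc: lsm_append_last() collapses only a repeat of the most recent registration (the v1 patch's "search from the end of the string" approach, enough for hook tables split across files and registered back-to-back), while lsm_append_anywhere() refuses a name found at any position (Casey's suggestion). Both compare whole comma-delimited entries, so a sub-name such as "spiff" does not match "spiffy". The function names, the malloc()/sprintf() stand-ins for kstrdup()/kasprintf(), and the registration sequence are all constructed for the illustration.

```c
/*
 * Added example, not kernel code: two policies for deduplicating an LSM
 * name in the comma-separated list exposed as /sys/kernel/security/lsm.
 * Allocation uses libc in place of kstrdup()/kasprintf(); function names
 * are hypothetical.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Is `lsm` equal to the LAST comma-separated entry of `list`? */
static int match_last_lsm(const char *list, const char *lsm)
{
	const char *last = strrchr(list, ',');

	last = last ? last + 1 : list;	/* skip the comma; strcmp() checks '\0' */
	return strcmp(last, lsm) == 0;
}

/* Is `lsm` equal to ANY comma-separated entry of `list` (whole-token match)? */
static int match_any_lsm(const char *list, const char *lsm)
{
	size_t n = strlen(lsm);
	const char *p = list;

	while (*p) {
		const char *end = strchr(p, ',');
		size_t len = end ? (size_t)(end - p) : strlen(p);

		if (len == n && memcmp(p, lsm, n) == 0)
			return 1;
		if (!end)
			break;
		p = end + 1;
	}
	return 0;
}

/* Append `name` to `*result` as "old,name"; 0 on success, -1 on OOM. */
static int list_append(const char *name, char **result)
{
	char *cp;

	if (*result == NULL) {
		*result = malloc(strlen(name) + 1);
		if (*result == NULL)
			return -1;
		strcpy(*result, name);
		return 0;
	}
	cp = malloc(strlen(*result) + 1 + strlen(name) + 1);
	if (cp == NULL)
		return -1;
	sprintf(cp, "%s,%s", *result, name);
	free(*result);
	*result = cp;
	return 0;
}

/* Policy A: only a repeat of the most recent registration is collapsed. */
int lsm_append_last(const char *name, char **result)
{
	if (*result && match_last_lsm(*result, name))
		return 0;
	return list_append(name, result);
}

/* Policy B: a name already present anywhere in the list is not re-added. */
int lsm_append_anywhere(const char *name, char **result)
{
	if (*result && match_any_lsm(*result, name))
		return 0;
	return list_append(name, result);
}

/*
 * Run a constructed registration sequence through one policy: spiffy
 * registers twice back-to-back (split hook tables), then again after
 * selinux. Returns 1 if the resulting list equals `expected`.
 */
int sequence_yields(int (*policy)(const char *, char **), const char *expected)
{
	static const char *const seq[] = {
		"capability", "yama", "spiffy", "spiffy", "selinux", "spiffy"
	};
	char *list = NULL;
	size_t i;
	int ok;

	for (i = 0; i < sizeof(seq) / sizeof(seq[0]); i++)
		if (policy(seq[i], &list) < 0) {
			free(list);
			return 0;
		}
	ok = strcmp(list, expected) == 0;
	printf("%s\n", list);
	free(list);
	return ok;
}

int main(void)
{
	sequence_yields(lsm_append_last, "capability,yama,spiffy,selinux,spiffy");
	sequence_yields(lsm_append_anywhere, "capability,yama,spiffy,selinux");
	return 0;
}
```

The interleaved "spiffy" at the end of the sequence is exactly the case the two policies disagree on: policy A keeps the order in which checks are made (two spiffy entries), policy B keeps each name once. Both rely on whole-entry comparison; a strstr()-style check would wrongly treat "spiff" as already registered.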