Subject: Re: [PATCH v4 0/8] kexec/firmware: support system wide policy requiring signatures
From: Mimi Zohar
To: Casey Schaufler, James Morris, Kees Cook, Paul Moore, "Serge E. Hallyn"
Cc: linux-integrity, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells, "Luis R . Rodriguez", Eric Biederman, kexec@lists.infradead.org, Andres Rodriguez, Greg Kroah-Hartman, Ard Biesheuvel, Jessica Yu
Date: Mon, 04 Jun 2018 10:03:45 -0400
In-Reply-To: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com>
References: <1527616920-5415-1-git-send-email-zohar@linux.vnet.ibm.com>
Message-Id: <1528121025.3237.116.camel@linux.vnet.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2018-05-29 at 14:01 -0400, Mimi Zohar wrote:
> Instead of adding the security_kernel_read_file LSM hook - or defining a
> wrapper for security_kernel_read_file LSM hook and adding it, or
> renaming the existing hook to security_kernel_read_data() and adding it
> - in places where the kernel isn't reading a file, this version of the
> patch set defines a new LSM hook named security_kernel_load_data().
>
> The new LSM hook does not replace the existing security_kernel_read_file
> LSM hook, which is still needed, but defines a new LSM hook allowing
> LSMs and IMA-appraisal the opportunity to fail loading userspace
> provided file/data.
>
> The only difference between the two LSM hooks is the LSM hook name and a
> file descriptor.  Whether this is cause enough for requiring a new LSM
> hook, is left to the security community.

Paul does not have a preference as to adding a new LSM hook or calling
the existing hook.  Either way is fine, as long as both the new and
existing hooks call the existing function.

Casey didn't like the idea of a wrapper.
James suggested renaming the LSM hook.

The maintainers for the callers of the LSM hook prefer a meaningful LSM
hook name.  The "null" argument is not as much of a concern.

Only Eric seems to be asking for a separate, new LSM hook, without the
"null" argument.

Unless someone really objects, to accommodate Eric we'll define a new
LSM hook named security_kernel_load_data.  Eric, are you planning on
Ack'ing patches 1 & 2?

Mimi
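
The design point discussed in this message, as an added userspace C model (not kernel code and not taken from the patch set): a load-data hook with no file argument and a read-file hook that takes a file, both routed through one shared policy function. Every model_ name, the per-id signature rule and the choice to deny a fileless load under that rule are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; all names below are hypothetical. */
enum model_load_id { MODEL_FIRMWARE, MODEL_KEXEC_IMAGE, MODEL_MODULE, MODEL_ID_MAX };

struct model_file { int has_valid_sig; };            /* a file that can be appraised */
struct model_policy { int require_sig[MODEL_ID_MAX]; }; /* per-id "must be signed" rule */

/* Constructed sample policy: only kexec images must be signed. */
static const struct model_policy model_sig_policy = {
    .require_sig = { [MODEL_KEXEC_IMAGE] = 1 }
};
static const struct model_file model_signed = { 1 };
static const struct model_file model_unsigned = { 0 };

/* The single shared function that both hooks end up calling. */
static int model_appraise(const struct model_policy *p,
                          const struct model_file *file, enum model_load_id id)
{
    if (!p->require_sig[id])
        return 0;            /* no rule for this id: allow */
    if (file == NULL)
        return -EACCES;      /* bare buffer: no file to verify a signature on */
    return file->has_valid_sig ? 0 : -EACCES;
}

/* Read-file style hook: the kernel itself is reading a file. */
int model_kernel_read_file(const struct model_policy *p,
                           const struct model_file *file, enum model_load_id id)
{
    return model_appraise(p, file, id);
}

/* Load-data style hook: userspace supplied the data, so there is no file
 * argument and callers never pass an explicit NULL. */
int model_kernel_load_data(const struct model_policy *p, enum model_load_id id)
{
    return model_appraise(p, NULL, id);
}

int main(void)
{
    printf("signed file:    %d\n", model_kernel_read_file(&model_sig_policy, &model_signed, MODEL_KEXEC_IMAGE));
    printf("unsigned file:  %d\n", model_kernel_read_file(&model_sig_policy, &model_unsigned, MODEL_KEXEC_IMAGE));
    printf("buffer (kexec): %d\n", model_kernel_load_data(&model_sig_policy, MODEL_KEXEC_IMAGE));
    printf("buffer (fw):    %d\n", model_kernel_load_data(&model_sig_policy, MODEL_FIRMWARE));
    return 0;
}
```
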