Subject: Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem
From: Casey Schaufler
To: Steve Kemp
Cc: Kernel Hardening, LSM List, Linux Kernel Mailing List
Date: Mon, 4 Jun 2018 11:03:18 -0700
Message-ID: <8dc3efeb-ddf7-ca15-d70f-b6c32dea4eb6@schaufler-ca.com>
References: <1527346246-1334-1-git-send-email-s.mesoraca16@gmail.com>
List-ID: linux-kernel@vger.kernel.org

On 6/4/2018 9:57 AM, Steve Kemp wrote:
>> A configurable LSM is probably the right way to do this.
>
> I wonder how many out-of-tree LSMs there are? Looking at the mainline
> kernel the only "small" LSM bundled is YAMA, and it seems that most of
> the patches proposing new ones eventually die out.

LoadPin is upstream.

> I appreciate that there are probably a lot of "toy" or "local" modules
> out there for specific fields, companies, or products, but it does
> seem odd that there are so few discussed publicly.

Minor modules like Yama and LoadPin are constrained by not being able to
use security blobs. That seriously limits the sort of thing you can do
with them. It often makes more sense to get the behavior in mainline
under CONFIG_SOMETHING than to provide a minor LSM in that case.

> (The last two I remember were S.A.R.A and something relating to
> xattr-attributes being used to whitelist execution.)

Anything that would have to be a major (blob-using) module has a very
tough time because you have to displace an existing major module
(SELinux, AppArmor, Smack, TOMOYO) in order to use it. When we get
infrastructure-managed security blobs upstream, most of the proposed
modules could be used in conjunction with the existing installed
modules. Some would have to wait for the complete stacking solution,
but that's limited to use of networking facilities.

There's also renewed interest in minor modules being dynamically
loadable, so they can be added on a running system as new and
interesting threats get newer and more interesting mitigations.

We don't make it easy for new modules. Some of that is an artifact of
the infrastructure, and some is based on caution.

> Steve