Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3897686imm;
        Mon, 4 Jun 2018 11:04:08 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKKKCdUO7aPmNPc8lHtyZ98r8ePLjYCiZqRKOtIXRnaLsCuIM4Se65/Y28T6likoz/3Htl1c
X-Received: by 2002:a63:740d:: with SMTP id p13-v6mr17899134pgc.327.1528135448304;
        Mon, 04 Jun 2018 11:04:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528135448; cv=none;
        d=google.com; s=arc-20160816;
        b=rUBhqPQLRWhqlYgoJt7sWr3M/bDNBqflo7JFySQZGKxe4co5O5+fp3eoO8b2BoTyIE
         P15G2f0mJPu4JXg8pfQ2ocvaW718CuWNLNj/sms5/4PPLxRmJvVLWguQvOg1CkCzqWXr
         +PP5V6V7yRC5TN3HiTWqq52iXd0AN2adg6086iXMJX2uu25HpRzhhDOaWUxxVSdyv2ZV
         9ZKXy1f/zAcGmuyO97+kERsagkqxpN0PGePrnDzJ36i5gm8zoiarZ05cZmr/AZ5KX+ay
         wQrsnidEW6zNGftMCQsii+xVW4PT+aavx6gjBoIni5Vi/qjtHWpGTFTMkzVPw620X5L4
         gVFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=ua/u8ZGH5uw5Feis1PDNyZn1YYo+o4Uid3Te4dkIAfg=;
        b=F5t3c49OSQK61e9G5/mnvJEQd7RKd+jd+tNg2+AQf8ytsniTAgb+Pe4+7C4LZxzAP5
         0Htuh2IfgCw4FsPwU4imZLujUi5X02J4Em9Gbh5YfLvAYZYdhgDpm7j1u2uTAwHUZm4q
         aK/efECJJmGSYfWYx1lS236+R77Zj1MYZwd5nt2gplUAaMx8TmH62C1QCEwduDA6yLbi
         CiRNjlf+ZoOG2so2LQYFT3CgOv0IGX2UkrXeWH95BbReCz36E11u1KTHrEzDIpApnkiy
         WO1/8943ERyvPRcE8gr6HmIC82y4xJo+Z+/Ly2ksRFpziff3cGjaVdakJ/p45JwOcXKA
         fuXg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=hwzM4gRd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c10-v6si49120679pfn.133.2018.06.04.11.03.48;
        Mon, 04 Jun 2018 11:04:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@yahoo.com header.s=s2048 header.b=hwzM4gRd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751474AbeFDSDY (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Mon, 4 Jun 2018 14:03:24 -0400
Received: from sonic306-26.consmr.mail.gq1.yahoo.com ([98.137.68.89]:41073
        "EHLO sonic306-26.consmr.mail.gq1.yahoo.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1751445AbeFDSDV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Jun 2018 14:03:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1528135400; bh=ua/u8ZGH5uw5Feis1PDNyZn1YYo+o4Uid3Te4dkIAfg=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=hwzM4gRdmy6qM5oUicI+lP5RvrJJ69l/iVmy17G0sOJsyvVXWxuCEC/sDzJOikeRrylO1PjWtuuXtYYFmg3GRSioxZ6oO/bnC1y5jOCYzDkXO+Dl80IdUA+XFvvTqZjFtdJ5qSJf9T79jNbuqqADJq0nATH7WqAWOR5CwRp1Xg+b+NP8aSrv9xTEAKDh5/aL3Kizl+eflRw6KtjftDQrXTQlDM4LtM0iQ/IgG2s2yR9Plu1OaKweubiTC6C4QzWXnUEfw5AkS1jB8303Ysf1FE5JkgkwZO9U+xin4GuekXJUWbM60ejX2g3bX6+XkIlPs4LgHtZHUjC5mgpbSxaPCQ==
X-YMail-OSG: VQ5nwasVM1lW9NSawEqwV.HIxm9CbN0su7gjOiZ37BZ3PpR8GS6dKfud06uLafw
 JvxEwXhQqE8RijSONj5HgxnBNmcsNjr42Zjlo8rllyo_AW9WcxHHUaL1PgPwpfFCETX2lEATVAZ8
 BZR9hGkheSzvO1jemgZKEKVtbee3tyex_FdadEVKtFi9Qjg4HvortC3YJOSZZkYVC4_oE9o0b14U
 o64R6hjgAg4H3nPyXslG09SvGcwn4qmgXQgxPRtQKywATWhSmxXz2wzHNqdHjjk1CpxYP7aq0a2P
 ScN4yUShCf59lJdDV3EFYECeJ4WKy8lroJG2N72_d_Ogl7ljAZrkgT6hODonUE_UGOwArYcGY22i
 eIOqdLcp9qwegUrJ3EEmNJUN6Ue0ikW1sUSaIn3I33vb6oBrRiVnvtNb7H29F8yp2e.Eii37pXrA
 nUMFgryh5ul3pxlguQCUHHhkqEOBtdY6ul5dlKokhVHa_IVxuyjz6i0Q4JKxT6RxilRla1Ckydpu
 tDPldH03S9SMi2lqsx1xCNkVXlErpnK.Sg7yFysMHzL1JwTkbPAeT4dzkEY5MbsElnGkQTzUpcPS
 M259vxw2DEUSZHcRrGMLVdKLCw_5zYecZYfdyikRh56LkZYzTetW9TL9Nc1WrkRzg1QlweqtkPRm
 u5LbQWaF7I9mgZUk2zvMPfDU.1zqpRefbMR5wY727aojjGWGQqF_mpE_IqSw4UBkM
Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.gq1.yahoo.com with HTTP; Mon, 4 Jun 2018 18:03:20 +0000
Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.105]) ([67.169.65.224])
          by smtp424.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 80f870e2eefa0f60d912610e2e9e29fa;
          Mon, 04 Jun 2018 18:03:18 +0000 (UTC)
Subject: Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem
To:     Steve Kemp <steve.backup.kemp@gmail.com>
Cc:     Kernel Hardening <kernel-hardening@lists.openwall.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
References: <1527346246-1334-1-git-send-email-s.mesoraca16@gmail.com>
 <CAGXu5j+PHzDwnJxJwMJ=WuhacDn_vJWe9xZx+Kbsh28vxOGRiA@mail.gmail.com>
 <CA+55aFx6DBp+d33_fytOGPWw11xg_L0MdGp1M2e5Obc0N9kMRQ@mail.gmail.com>
 <CAJHCu1Ky09DWskcD4nVW5u1C5faWMv1A4kcxWzdiap7+G1SPkg@mail.gmail.com>
 <CABxV-EWN8ag2zk2CDxWyC3+DvuM3ADbf=qGm4uczK8YnOd5JBQ@mail.gmail.com>
From:   Casey Schaufler <casey@schaufler-ca.com>
Message-ID: <8dc3efeb-ddf7-ca15-d70f-b6c32dea4eb6@schaufler-ca.com>
Date:   Mon, 4 Jun 2018 11:03:18 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <CABxV-EWN8ag2zk2CDxWyC3+DvuM3ADbf=qGm4uczK8YnOd5JBQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 6/4/2018 9:57 AM, Steve Kemp wrote:
>> A configurable LSM is probably the right way to do this.
> I wonder how many out of tree LSM there are?  Looking at the mainline
> kernel the only "small" LSM bundled is YAMA, and it seems that most of
> the patches proposing new ones eventually die out.

LoadPin is upstream.

> I appreciate that there are probably a lot of "toy" or "local" modules
> out there for specific fields, companies, or products, but it does
> seem odd that there are so few discussed publicly.

Minor modules like Yama and LoadPin are constrained by not being
able to use security blobs. That seriously limits the sort of thing
you can do with them. It often makes more sense to get the behavior
in mainline under CONFIG_SOMETHING than to provide a minor LSM in
that case.

> (The last two I remember were S.A.R.A and something relating to
> xattr-attributes being used to whitelist execution.)

Anything that would have to be a major (blob using) module has
a very tough time because you have to displace an existing major
module (SELinux, AppArmor, Smack, TOMOYO) in order to use it.
When we get infrastructure managed security blobs upstream most
of the proposed modules could be used in conjunction with the
existing installed modules. Some would have to wait for the
complete stacking solution, but that's limited to use of networking
facilities.

There's also renewed interest in minor modules being dynamically
loadable, so they can be added on a running system as new and
interesting threats get newer and more interesting mitigations.

We don't make it easy for new modules. Some of that is an
artifact of the infrastructure, and some is based on caution.

> Steve
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>