Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3382935imm; Fri, 24 Aug 2018 16:19:23 -0700 (PDT) X-Google-Smtp-Source: ANB0VdY7lIJTLM0ZU9HWmSq9Vcc34ZmZMSq0fPrJy+4cXBE9fikuk5VNrreCxNrfaC9LmO/H5+TW X-Received: by 2002:a63:a54f:: with SMTP id r15-v6mr3491532pgu.336.1535152763505; Fri, 24 Aug 2018 16:19:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535152763; cv=none; d=google.com; s=arc-20160816; b=OeUh4u1PDEwH0SWuVggFlvG+xuidjp1sKPu6WTParAUCwdEmwmrQJhAgi1wPdhMdWm FU/+Vg+p616TUw0sQ/BbNimBoNTGxLl0mfa9sh9ZkLhvH+xKHjrnWzEePR2OfmZ9t3EN 4spjCJKoecjUnCht2qEOjGkW6pLmYiYf/HL9lzHq+IRK1yxia2uObOrB3zWnPW8IYkzX BX3rQMMGb6RykwW5rlVUCkBrjfLXqcjpYPg1cU7zczCZ0y7tho1PmI3fhU5tA7JGuiNE hmXnui1DYEZvSR5XVqki7TbII0jki/Q86QD93X3AVidsksjlyNCLth1lVaCJzPqSkQNB 1FxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=b8OY8BQh5z1sx5bHM+Z7pAyfOEHBwNux2JAqx8VdmZE=; b=uf9cwlC69In7mawWyLy/3R4yUSoukK+L84gxHkeJ8usLUAHBDAJf5Vp1lLP+w5SBbM aYofQLNBAEl5OS4AgeCul8welNHMbDLRPnQDcoe6tCcoAdGm5Zf1iVLs67XFoqRZQmHp pdb3IfahFo2udBMK7Dhl/Sy76bOhnHbWMyyIBlajF8j1y/VltYEKIVF/N5d8Cp5+AGB/ O9mmuQOMhKHt2pS9UPxW0UEFTWZKERBuzbMSiuSpb4BjsrCneGS7nql//PStK3ftdaa6 PPOffYjZe3HNb+yqydxmbFE98HG6nzL67yAchksIDfQVBqReS2GJk+9GhpaCUCneAvYi CX2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ABmjhLim; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n9-v6si8105457pgm.226.2018.08.24.16.19.08; Fri, 24 Aug 2018 16:19:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ABmjhLim; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727594AbeHYCys (ORCPT + 99 others); Fri, 24 Aug 2018 22:54:48 -0400 Received: from mail-oi0-f68.google.com ([209.85.218.68]:45804 "EHLO mail-oi0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726943AbeHYCys (ORCPT ); Fri, 24 Aug 2018 22:54:48 -0400 Received: by mail-oi0-f68.google.com with SMTP id t68-v6so6850765oie.12 for ; Fri, 24 Aug 2018 16:18:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=b8OY8BQh5z1sx5bHM+Z7pAyfOEHBwNux2JAqx8VdmZE=; b=ABmjhLim8C8Z+7dBrT37REqyWmnRZn6Byikij0Rem9rQJdGHJZaqFcqcwlAb3uu40v ivc0JOIf1IMjwNnl8Nm/fvhK/anhz94pQc+pemxxPlOhdEp/hseC0GMmGjcAuus0xKaZ X6+ASitM/oKITmxuWpWdzuLlbwGJ3b4AwF7wl8HpgmVX+SARcHQH7RHjvmgFHvfauO8X Q2VDe0E80xtVjnN6NgX+wJeGdXRGh2pRH4MJ3FcQCLBQcMRAnkkiMY+7Ld9zn10l8PNM tZQTfHTmKFFy/3TMmizPvvA1iD4cVyUKogaysL/FXUGwwUYlnjyXXXJepFtjsle+KegY SLCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=b8OY8BQh5z1sx5bHM+Z7pAyfOEHBwNux2JAqx8VdmZE=; b=Br1eAinqwmj+ecDCoAbPtDEq7kGTEyEF68MiKz23uyPNLGT/t6SXU0R4RGFyclJX+B kOu3B2vavswVAmFt4ixhB5vBPMIU+orJSz1vATaf64pYEorUynAwTmmvTjS8VrcRWzwP wiPsweo+X7M/I8TMfxOAvNp+R/zNlV3holBqemZFtmlimjVmffrolk6pwlLEQgwkS89g 0MP/1ez4jifNLMmdlEI3ctjOJ3PNPhSX2v4NHE8kq3pU7qm9gs7lzwsLA0XEXY/ync51 BOyN7SiZLflfn/Ay66VB1WJOhRs0HPfKzm0wJdeaaHR2RDatVoRjVdTo8oh9cqSPGpQN rq9Q== X-Gm-Message-State: APzg51AOkFAF5mexyovI/bJeDPIXe9byyT81SEZLyE4oN5IjOlPOH40S SQycf/ZAUyEAn8ppJdZNWcah28mOMdsAhPJlYy8ZAI5i X-Received: by 2002:aca:b40a:: with SMTP id d10-v6mr3577192oif.190.1535152684096; Fri, 24 Aug 2018 16:18:04 -0700 (PDT) MIME-Version: 1.0 References: <20180824224117.3356-1-casey.schaufler@intel.com> <20180824224117.3356-4-casey.schaufler@intel.com> In-Reply-To: <20180824224117.3356-4-casey.schaufler@intel.com> From: Jann Horn Date: Sat, 25 Aug 2018 01:17:37 +0200 Message-ID: Subject: Re: [PATCH v4 3/5] LSM: Security module checking for side-channel dangers To: Casey Schaufler Cc: Kernel Hardening , kernel list , linux-security-module , selinux@tycho.nsa.gov, Dave Hansen , deneen.t.dock@intel.com, kristen@linux.intel.com, Arjan van de Ven Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Aug 25, 2018 at 12:42 AM Casey Schaufler wrote: > +config SECURITY_SIDECHANNEL_CAPABILITIES > + bool "Sidechannel check on capability sets" > + depends on SECURITY_SIDECHANNEL > + depends on !SECURITY_SIDECHANNEL_ALWAYS > + default n > + select SECURITY_SIDECHANNEL_NAMESPACES if USER_NS > + help > + Assume that tasks with different sets of privilege may be > + subject to side-channel attacks. Potential interactions > + where the attacker lacks capabilities the attacked has > + are blocked. Selecting this when user namespaces (USER_NS) > + are enabled will enable SECURITY_SIDECHANNEL_NAMESPACES. Thanks!