Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp115571imm; Fri, 21 Sep 2018 19:43:57 -0700 (PDT) X-Google-Smtp-Source: ACcGV63SxUyB1qgI7w+QOmVG39H67iiD1+FkkMj0b6zbvYc4uK8MyAdfuFO/oGuMlykepQyXEtpt X-Received: by 2002:a63:7b09:: with SMTP id w9-v6mr413576pgc.385.1537584237728; Fri, 21 Sep 2018 19:43:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537584237; cv=none; d=google.com; s=arc-20160816; b=lwgsEK0EEYnJNxRqB+nBLuh26J7VupR9O42YrTR3oQeSFnEYaj9eEul4U9hf01fGI7 PrgKTe3XaisPFIJuaB6PXKmsYqn2WgvF6f2CHblz6qODXcLZTL6rSOYkqVfw6jGXijcs +eQSReFlU8hajW1sUeGXVjXPdQs3+zW1kPPNw3qEi2UmeKAl6iC6/w7f551cKxMxtbvj YAuiaJuHnIrOxadJV18MnLlLtMafXPcxJ2S1Jhd9QeCX5oXtsjxLm2sbIj3yBsd0d1Il AMuQzZa82sS+ZCvguNaF6jO7ArdmNCryuGqVs+niry3B/7hDHGzjp+6U+D7zCKznvjJf DMig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=a1F0qMtQnaSQ4BfN2Qd8tviFqAlyz5lbDnvZV34+gUo=; b=SBQTvdioFz2BBToBlqWeVLUnqzENl5b48z13Z5x2FAbEs7s/hJsOhwrnDNiFk6CGrV sFguadr8x/MBOjhlZzgWUTbYYnecHT8yKQ1aRlEQROgstYISG+LUc9aFOzMMe6TsS/Dc 9k6BWQLn3BbwqP4fEsY4OWbffmbmpo5nG/Tv386qjMAypM5mPQbramGR1Lerm+YeWU9j Mz6C8fUEarT/o1t/p4wcWvT+LfIubTM4YUMskJQQ9eJ6FxjC08ObyXwx2rUcD0JJAYmW s47ojj1+MF9hlflbqRiF3SQMeE0YyXVuXI25x9tAKEShAVFaAqdTgwRum+uuVOdv9Vp/ 2OGQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="BM/5Cfk2"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x5-v6si27006980plv.304.2018.09.21.19.43.28; Fri, 21 Sep 2018 19:43:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="BM/5Cfk2"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725967AbeIVIfK (ORCPT + 99 others); Sat, 22 Sep 2018 04:35:10 -0400 Received: from mail-yw1-f68.google.com ([209.85.161.68]:40671 "EHLO mail-yw1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725791AbeIVIfK (ORCPT ); Sat, 22 Sep 2018 04:35:10 -0400 Received: by mail-yw1-f68.google.com with SMTP id z143-v6so5967803ywa.7 for ; Fri, 21 Sep 2018 19:43:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=a1F0qMtQnaSQ4BfN2Qd8tviFqAlyz5lbDnvZV34+gUo=; b=BM/5Cfk2qrNn84jZfLGUdsyZFRgHFODpIoox+FDgW9BOqRBcQ2W+l6EnOR0BNL6K6y iw5d0eYuPLKP+iTg6ebN5ySWubyZhP27lWlMX7oa/OWBTASh4mWPIjxpFI3x+69he39z Ypj1PEr6Bo3A6GBtIhLMwKETo+V36qWXtbpP4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=a1F0qMtQnaSQ4BfN2Qd8tviFqAlyz5lbDnvZV34+gUo=; b=ldLuy+1aeINS4aBcn4YhWHbKWsSralLV9eNrlRGUkq6w7v02Gbot/mEucPnMotCCXC a9Ff5KkFdeDscXwa1+7Oe4fpqBdoOO5XvAmiorXqMAeP42HWBmpyyx63k4MHDSTOpSmX D89JcSpPK+MzZe3wFW1DQY0TOj6YbY9ifo4DP8S0tWTy1njWbsbQY9p6yOoNayjjpXp5 C4alkaOT2nmFaElUQh8+/tDxQUInLCOEHeKEmTTg+baVfNuMc59Pv5eZFnH2uMJjRoB0 ztim6cjwaDIPRywVhw6VUdV0dXAgo5IUCrT8AgkNyS1mlKEFWEK+zYWj7PjBquhCwL+x E5EA== X-Gm-Message-State: ABuFfoiciV9eztCWSnTa0PhXrpMJlPQKg/xJ5JIMD9veeby7+CGUv5mX 68qqvDr8a+FGA1S7c1T57jq0pHF+kBQ= X-Received: by 2002:a0d:ed47:: with SMTP id w68-v6mr178164ywe.479.1537584200954; Fri, 21 Sep 2018 19:43:20 -0700 (PDT) Received: from mail-yw1-f43.google.com (mail-yw1-f43.google.com. [209.85.161.43]) by smtp.gmail.com with ESMTPSA id j66-v6sm5308895ywc.61.2018.09.21.19.43.18 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 19:43:19 -0700 (PDT) Received: by mail-yw1-f43.google.com with SMTP id d193-v6so3096905ywb.3 for ; Fri, 21 Sep 2018 19:43:18 -0700 (PDT) X-Received: by 2002:a81:9b85:: with SMTP id s127-v6mr189732ywg.47.1537584198385; Fri, 21 Sep 2018 19:43:18 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f04:0:0:0:0:0 with HTTP; Fri, 21 Sep 2018 19:43:16 -0700 (PDT) In-Reply-To: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com> References: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com> From: Kees Cook Date: Fri, 21 Sep 2018 19:43:16 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning To: Casey Schaufler Cc: LSM , James Morris , SE Linux , LKLM , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Salvatore Mesoraca Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 21, 2018 at 5:17 PM, Casey Schaufler wrote: > The SELinux specific credential poisioning only makes sense > if SELinux is managing the credentials. As the intent of this > patch set is to move the blob management out of the modules > and into the infrastructure, the SELinux specific code has > to go. The poisioning could be introduced into the infrastructure > at some later date. > > Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook -Kees > --- > kernel/cred.c | 13 ------------- > security/selinux/hooks.c | 6 ------ > 2 files changed, 19 deletions(-) > > diff --git a/kernel/cred.c b/kernel/cred.c > index ecf03657e71c..fa2061ee4955 100644 > --- a/kernel/cred.c > +++ b/kernel/cred.c > @@ -704,19 +704,6 @@ bool creds_are_invalid(const struct cred *cred) > { > if (cred->magic != CRED_MAGIC) > return true; > -#ifdef CONFIG_SECURITY_SELINUX > - /* > - * cred->security == NULL if security_cred_alloc_blank() or > - * security_prepare_creds() returned an error. > - */ > - if (selinux_is_enabled() && cred->security) { > - if ((unsigned long) cred->security < PAGE_SIZE) > - return true; > - if ((*(u32 *)cred->security & 0xffffff00) == > - (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) > - return true; > - } > -#endif > return false; > } > EXPORT_SYMBOL(creds_are_invalid); > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 9d6cdd21acb6..80614ca25a2b 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -3920,12 +3920,6 @@ static void selinux_cred_free(struct cred *cred) > { > struct task_security_struct *tsec = selinux_cred(cred); > > - /* > - * cred->security == NULL if security_cred_alloc_blank() or > - * security_prepare_creds() returned an error. > - */ > - BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); > - cred->security = (void *) 0x7UL; > kfree(tsec); > } > > -- > 2.17.1 > > -- Kees Cook Pixel Security