From: Mimi Zohar
To: linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Igor Zhbanov, Jordan Glover, Al Viro, Mimi Zohar
Subject: [PATCH 0/3] ima: addressing mmap/mprotect concerns
Date: Mon, 6 May 2019 12:57:01 -0400
Message-Id: <1557161824-6623-1-git-send-email-zohar@linux.ibm.com>

Igor Zhbanov's "Should mprotect(..., PROT_EXEC) be checked by IMA?" thread raised concerns about IMA's handling of mmap/mprotect. [1]

The kernel calls deny_write_access() to prevent a file already opened for write from being executed and also prevents files being executed from being opened for write. For some reason this does not extend to files being mmap'ed execute. This is a known, well described problem. [2] Jordan Glover commented that the proposed minor LSM "SARA" addresses this issue. [3]

This patch set attempts to address some of the IMA mmap/mprotect concerns without locking the mmap'ed files.

Mimi

[1] https://lore.kernel.org/linux-integrity/cce2c4c7-5333-41c3-aeef-34d43e63acb0@omprussia.ru/
[2] https://pax.grsecurity.net/docs/mprotect.txt
[3] https://sara.smeso.it/en/latest/

Mimi Zohar (3):
  ima: verify mprotect change is consistent with mmap policy
  ima: prevent a file already mmap'ed write to be mmap'ed execute
  ima: prevent a file already mmap'ed read|execute to be mmap'ed write

 include/linux/ima.h               |  6 +++--
 security/integrity/ima/ima_main.c | 53 ++++++++++++++++++++++++++++++++++++---
 security/security.c               |  9 +++++--
 3 files changed, 61 insertions(+), 7 deletions(-)

-- 
2.7.5
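The three rules the series lists, as an added user-space model that is not the patch set's or the kernel's code: per-file counts of live write and execute mappings stand in for inode state, and the `model_*` functions, `account` and `check_mmap_policy` are assumed names. The mprotect rule is read here as "a protection change is subject to the same check mmap would apply to the new protection".

```c
#include <errno.h>
#include <sys/mman.h>   /* PROT_READ, PROT_WRITE, PROT_EXEC */

/* Live mapping counts for one file (assumed model, not kernel state). */
struct file_state { int write_maps; int exec_maps; };
/* One mapping of a file and the protection it currently carries. */
struct map_region { struct file_state *file; int prot; };

/* Rules 2 and 3 of the series: no execute mapping while a write mapping is
 * live, no write mapping while an execute mapping is live.  Returns 0 or a
 * negative errno, kernel style. */
static int check_mmap_policy(const struct file_state *f, int prot)
{
    if ((prot & PROT_EXEC) && f->write_maps > 0) return -EACCES;
    if ((prot & PROT_WRITE) && f->exec_maps > 0) return -EACCES;
    return 0;
}
/* Add (delta = +1) or drop (delta = -1) a mapping's contribution. */
static void account(struct file_state *f, int prot, int delta)
{
    if (prot & PROT_WRITE) f->write_maps += delta;
    if (prot & PROT_EXEC)  f->exec_maps  += delta;
}
/* Model of the mmap hook: check the policy, then record the mapping. */
static int model_mmap(struct file_state *f, int prot, struct map_region *r)
{
    int rc = check_mmap_policy(f, prot);
    if (rc) return rc;
    account(f, prot, +1);
    r->file = f; r->prot = prot;
    return 0;
}
/* Rule 1: a protection change must satisfy the policy mmap would apply to the
 * new protection; the region's own old contribution is excluded first. */
static int model_mprotect(struct map_region *r, int newprot)
{
    int rc;
    account(r->file, r->prot, -1);
    rc = check_mmap_policy(r->file, newprot);
    if (rc) {
        account(r->file, r->prot, +1);   /* denied: restore old accounting */
        return rc;
    }
    account(r->file, newprot, +1);
    r->prot = newprot;
    return 0;
}
/* Model of munmap: release the mapping's contribution. */
static void model_munmap(struct map_region *r) { account(r->file, r->prot, -1); r->prot = 0; }
```

Excluding a region's own old contribution before the check is what lets a sole read/write mapping be mprotect'ed to read/execute, while a second region trying to add PROT_EXEC beside a live write mapping is still refused.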