Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp25980pxf; Wed, 24 Mar 2021 19:46:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwT2xL/aZ1z4bXE9Kbl/Fcnp9NcYRvNKIUM7r/yB6/tvha792egkHRqVpShsLqRm7q393wO X-Received: by 2002:a50:e80c:: with SMTP id e12mr6654794edn.229.1616640413286; Wed, 24 Mar 2021 19:46:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616640413; cv=none; d=google.com; s=arc-20160816; b=Wn1r1Fjmx6WxLVllSgBnW4sqcQqE/rXvog3q0AsVUy8vrsFByrUrq18vQPtkes8H2u 7HjnSiqONeJq6x94APXttlSV0zaNPA7yK3b0gaC+HzzTw5a4X6BK3qoDXJuWq0j+4LtA Vqiq9fNdd6UTOi6C/l6bYS2HeIyGwIhwYiiQxsHrRtGC3IBkGMsL2HMVuvLmBL9dG3t2 df30bd60O+7/sK6aRkDhVzlqEHXb8JOrqvaITZGRZUNns74xo6b+Iq8N4exxS2mRcMS0 pSqakGi1XtmJS7zDmYclsRvvz/KMGIKNyqR66cdcOzXqH1aiHg+ClatACGM0WLrP6vcc 4HeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=swoqQ5Jerpbez7KNCTecJe5O/7G6beloFESQIfEjPVE=; b=AbueNDfkaO393J5/lSWklbqP/Tr0il9tvTVz2pgrfYteUJ9nid+SBF3+75A9JvLbPx R2VxAZObOvSKFMctKQzBlF4T84yqtOKQ1A1Y5th/BKnC+9LJ7bRbQiVf6PwEIN5ZUbvC W7QtTsNfxeaAK8+uLpdNU3jBSx55YZ4/00JyHwjnKzvpEqYsAgJwLLXvI0sK5ORzve3j 8Az14z0o3PyVunQPQazQGnYaZwZBM4ehi6CX0OpJUSahj1bTHCL+lcx6kJuEqVoPgNSb CneOJE5r8f5XM3EpOJMhBhwOB/VDe+7mlcugoxkyrioW40K4XQM0flmX2ctl0wkgfOEG j2gQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dn18si3006852ejc.590.2021.03.24.19.46.31; Wed, 24 Mar 2021 19:46:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229822AbhCXKKa (ORCPT + 99 others); Wed, 24 Mar 2021 06:10:30 -0400 Received: from www262.sakura.ne.jp ([202.181.97.72]:56037 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229961AbhCXKKV (ORCPT ); Wed, 24 Mar 2021 06:10:21 -0400 Received: from fsav405.sakura.ne.jp (fsav405.sakura.ne.jp [133.242.250.104]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 12OAAJeu030968; Wed, 24 Mar 2021 19:10:19 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav405.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav405.sakura.ne.jp); Wed, 24 Mar 2021 19:10:19 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav405.sakura.ne.jp) Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 12OAAJhC030965 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Wed, 24 Mar 2021 19:10:19 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Subject: Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized To: Mimi Zohar Cc: linux-integrity@vger.kernel.org, James Morris , "Serge E . Hallyn" , linux-security-module , LKML , Eric Biggers , Dmitry Vyukov References: <20210319200358.22816-1-zohar@linux.ibm.com> <20210319200358.22816-2-zohar@linux.ibm.com> <8450c80a-104a-3f36-0963-0ae8fa69e0f2@i-love.sakura.ne.jp> <1a2245c6-3cab-7085-83d3-55b083619303@i-love.sakura.ne.jp> <8039976be3df9bd07374fe4f1931b8ce28b89dab.camel@linux.ibm.com> <8a8763a7-eeeb-3578-d50c-c15919fbe1f9@i-love.sakura.ne.jp> <3ed2004413e0ac07c7bd6f10294d6b6fac6fdbf3.camel@linux.ibm.com> <721b4f8d38b014babb0f4ae829d76014bbf7734e.camel@linux.ibm.com> From: Tetsuo Handa Message-ID: <0a0c5cc5-0e1b-ef01-60c4-5247af2124f4@i-love.sakura.ne.jp> Date: Wed, 24 Mar 2021 19:10:19 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <721b4f8d38b014babb0f4ae829d76014bbf7734e.camel@linux.ibm.com> Content-Type: text/plain; charset=iso-8859-15 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2021/03/24 1:13, Mimi Zohar wrote: > On Wed, 2021-03-24 at 00:14 +0900, Tetsuo Handa wrote: >> On 2021/03/23 23:47, Mimi Zohar wrote: >>> Initially I also questioned making "integrity" an LSM. Perhaps it's >>> time to reconsider. For now, it makes sense to just fix the NULL >>> pointer dereferencing. >> >> Do we think calling panic() as "fix the NULL pointer dereferencing" ? > > Not supplying "integrity" as an "lsm=" option is a user error. There > are only two options - allow or deny the caller to proceed. If the > user is expecting the integrity subsystem to be properly working, > returning a NULL and allowing the system to boot (RFC patch version) > does not make sense. Better to fail early. What does the "user" mean? Those who load the vmlinux? Only the "root" user (so called administrators)? Any users including other than "root" user? If the user means those who load the vmlinux, that user is explicitly asking for disabling "integrity" for some reason. In that case, it is a bug if booting with "integrity" disabled is impossible. If the user means something other than those who load the vmlinux, is there a possibility that that user (especially non "root" users) is allowed to try to use "integrity" ? If processes other than global init process can try to use "integrity", wouldn't it be a DoS attack vector? Please explain in the descripotion why calling panic() does not cause DoS attack vector.