References: <20230504213002.56803-1-michael.mccracken@gmail.com> <87pm7f9q3q.fsf@gentoo.org>
From: Paul Moore
Date: Sun, 7 May 2023 15:53:05 -0400
Subject: Re: [PATCH] sysctl: add config to make randomize_va_space RO
To: Kaiwan N Billimoria
Cc: David Hildenbrand, Sam James, Michael McCracken, linux-kernel@vger.kernel.org, serge@hallyn.com, tycho@tycho.pizza, Luis Chamberlain, Kees Cook, Iurii Zaikin, Andrew Morton, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com
On Sat, May 6, 2023 at 3:05 AM Kaiwan N Billimoria wrote:
> On Fri, May 5, 2023 at 8:53 PM Paul Moore wrote:
> >
> > On Fri, May 5, 2023 at 11:15 AM David Hildenbrand wrote:
> > > On 05.05.23 09:46, Sam James wrote:
> > > > David Hildenbrand writes:
> > > >> On 04.05.23 23:30, Michael McCracken wrote:
> > > >>> Add config RO_RANDMAP_SYSCTL to set the mode of the randomize_va_space
> > > >>> sysctl to 0444 to disallow all runtime changes. This will prevent
> > > >>> accidental changing of this value by a root service.
> > > >>> The config is disabled by default to avoid surprises.
> > > > ...
> > >
> > > If we really care, not sure what's better: maybe we want to disallow
> > > disabling it only in a security lockdown kernel?
> >
> > If we're bringing up the idea of Lockdown, controlling access to
> > randomize_va_space is possible with the use of LSMs. One could easily
> > remove write access to randomize_va_space, even for tasks running as
> > root.
>
> IMO, don't _move_ the sysctl to LSM(s).

There is nothing to move, the ability to restrict access to
randomize_va_space exists today, it is simply a matter of if the
security policy author or admin wants to enable it.

If you are like Michael and you want to block write access, even when
running as root, you can do so with an LSM. You can also allow write
access. With SELinux you can allow/disallow the privilege on a
task-by-task basis to meet individual usability and security
requirements.

-- 
paul-moore.com
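When write access to randomize_va_space is governed per domain by SELinux policy as Paul describes, the kernel's AVC audit records are where a defender sees which tasks tried to change it and whether policy let them. The following parser is an added example, not code from the thread or from any kernel patch; the audit lines, PIDs and the svc_t domain name are constructed sample data following the AVC record layout.

```python
import re

# Constructed sample audit lines (not from the thread). The field layout follows
# the kernel's AVC audit record; domain names such as svc_t are assumed.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1683489196.101:4711): avc:  denied  { write } for  pid=2231 comm="sysctl" name="randomize_va_space" dev="proc" ino=16927 scontext=system_u:system_r:svc_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=0
type=AVC msg=audit(1683489200.250:4712): avc:  granted  { write } for  pid=2240 comm="sysctl" name="randomize_va_space" dev="proc" ino=16927 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=0
type=AVC msg=audit(1683489201.000:4713): avc:  denied  { read } for  pid=2251 comm="cat" name="randomize_va_space" dev="proc" ino=16927 scontext=system_u:system_r:svc_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=0
type=AVC msg=audit(1683489202.000:4714): avc:  denied  { write } for  pid=2260 comm="sysctl" name="kptr_restrict" dev="proc" ino=16930 scontext=system_u:system_r:svc_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+"
    r'pid=(?P<pid>\d+) comm="(?P<comm>[^"]*)" name="(?P<name>[^"]*)"'
    r".*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)"
)


def parse_avc(line):
    """Parse one AVC record into a dict, or return None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["perms"] = rec["perms"].split()
    # The SELinux type (third field of the source context) is the per-task
    # domain that policy grants or withholds the sysctl write from.
    rec["domain"] = rec["scontext"].split(":")[2]
    return rec


def aslr_sysctl_writes(audit_text):
    """Return AVC records for write attempts on randomize_va_space, denied or granted."""
    hits = []
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if (rec and rec["name"] == "randomize_va_space"
                and rec["tclass"] == "file" and "write" in rec["perms"]):
            hits.append(rec)
    return hits


def writes_by_domain(audit_text):
    """Summarise write attempts as {domain: {"denied": n, "granted": n}}."""
    summary = {}
    for rec in aslr_sysctl_writes(audit_text):
        counts = summary.setdefault(rec["domain"], {"denied": 0, "granted": 0})
        counts[rec["verdict"]] += 1
    return summary
```

Granted records only appear for permissions covered by an auditallow rule, so a policy that wants visibility into legitimate changes as well as blocked ones must audit the write explicitly.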