Subject: Re: RFC: New LSM to control usage of x509 certificates
From: Mimi Zohar
To: Mickaël Salaün, Eric Snowberg, Paul Moore, "Serge E. Hallyn"
Cc: Jarkko Sakkinen, David Howells, David Woodhouse, Kanth Ghatraju, Konrad Wilk, "linux-integrity@vger.kernel.org", "keyrings@vger.kernel.org", open list, linux-security-module@vger.kernel.org
Date: Tue, 17 Oct 2023 09:39:21 -0400
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2023-10-05 at 12:32 +0200, Mickaël Salaün wrote:
> > > > A complementary approach would be to create an
> > > > LSM (or a dedicated interface) to tie certificate properties to a set of
> > > > kernel usages, while still letting users configure these constraints.
> > >
> > > That is an interesting idea. Would the other security maintainers be in
> > > support of such an approach? Would a LSM be the correct interface?
> > > Some of the recent work I have done with introducing key usage and CA
> > > enforcement is difficult for a distro to pick up, since these changes can be
> > > viewed as a regression. Each end-user has different signing procedures
> > > and policies, so making something work for everyone is difficult. Letting the
> > > user configure these constraints would solve this problem.

Something definitely needs to be done about controlling the usage of
x509 certificates. My concern is the level of granularity. Would this
be at the LSM hook level or even finer granularity?

-- 
thanks,

Mimi