Hi,
As Chris Wright suggested, the old limitations of the module no longer
exist, and the protection hooks are now based on memory
mappings of executables, which means you can't bypass it by using the
old ld-linux shared library wrapping trick.
Also, many fixes for the module memory use and management, which also
prevent a possible overflow in the read functions of the ACL management code,
reported by Brad Spengler (a.k.a. spender) when we were revising it
yesterday night.
Also Seth Arnold helped me with some fixes and recommendations.
Anyway, feel free to try to mess it up, I would appreciate any
information about possible vulnerabilities, unexpected behaviors,
stinking buffers...whatever else ;)
Those who have contributed to this little project are listed in the
tpe.c source file.
The patch is attached, but I encourage you to check out the
http://selinux.tuxedo-es.org/tpe-lsm/ site, as there you can find two
regression tests, one to try to bypass the engine and the other one to
trigger a basic overflow in the ACL read functions (results can be found
at http://selinux.tuxedo-es.org/tpe-lsm/rtest2-log.txt).
The current limitations are described in the tpe-lsm.txt file,
inside ./Documentation/, and a few examples can be found at
http://selinux.tuxedo-es.org/tpe-lsm/0.2-TPE-LSM-Demonstration.txt
Now I think it could have a chance for mainline inclusion.
Cheers,
--
Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC]
[2048g/9AE91A22] Hardened Debian head developer & project manager
Very cool. I'm glad to see the interest in my old module. I was hoping to
make changes but am now working in Linux support here at IBM, so my time
will now focus on customers using Linux. Best wishes with the code!
Community acceptance, anyone??
Niki A. Rahimi
IBM Premium Services Advanced Support
[email protected]
Lorenzo Hernández García-Hierro <[email protected]>
01/07/2005 03:09 AM
To: [email protected]
cc: Niki Rahimi/Austin/IBM@IBMUS, Chris Wright
<[email protected]>, Stephen Smalley <[email protected]>,
[email protected]
Subject: [PATCH] Trusted Path Execution LSM 0.2 (20050107)
#### tpe-20050107.patch has been removed from this note on January 07,
2005 by Niki Rahimi
#### signature.asc has been removed from this note on January 07, 2005 by
Niki Rahimi