From: Paul Moore
Date: Fri, 5 May 2023 11:23:24 -0400
Subject: Re: [PATCH] sysctl: add config to make randomize_va_space RO
To: David Hildenbrand
Cc: Sam James, Michael McCracken, linux-kernel@vger.kernel.org, serge@hallyn.com, tycho@tycho.pizza, Luis Chamberlain, Kees Cook, Iurii Zaikin, Andrew Morton, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com
References: <20230504213002.56803-1-michael.mccracken@gmail.com> <87pm7f9q3q.fsf@gentoo.org>

On Fri, May 5, 2023 at 11:15 AM David Hildenbrand wrote:
> On 05.05.23 09:46, Sam James wrote:
> > David Hildenbrand writes:
> >> On 04.05.23 23:30, Michael McCracken wrote:
> >>> Add config RO_RANDMAP_SYSCTL to set the mode of the randomize_va_space
> >>> sysctl to 0444 to disallow all runtime changes. This will prevent
> >>> accidental changing of this value by a root service.
> >>> The config is disabled by default to avoid surprises.

...

> If we really care, not sure what's better: maybe we want to disallow
> disabling it only in a security lockdown kernel?

If we're bringing up the idea of Lockdown, controlling access to
randomize_va_space is possible with the use of LSMs. One could easily
remove write access to randomize_va_space, even for tasks running as
root.

(On my Rawhide system with SELinux enabled)
% ls -Z /proc/sys/kernel/randomize_va_space
system_u:object_r:proc_security_t:s0 /proc/sys/kernel/randomize_va_space

-- 
paul-moore.com
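
The three things this thread looks at for randomize_va_space (its value, the file mode the patch would set to 0444, and the SELinux type shown by ls -Z) can be checked together. The helper below is an added example, not code from the thread or the kernel; the function names are made up for it, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit how the ASLR sysctl is protected (value, DAC mode, SELinux type).
# The path is the one from the thread; all function names are hypothetical.
ASLR_SYSCTL=/proc/sys/kernel/randomize_va_space

# Map the sysctl value to a state: 0 = off, 1 = mmap base/stack/VDSO, 2 = 1 plus heap.
aslr_state() {
    case "$1" in
        0) echo off ;;
        1) echo partial ;;
        2) echo full ;;
        *) echo unknown ;;
    esac
}

# Succeed if an octal mode such as 644 has any write bit set (0444 has none).
dac_writable() {
    mode=$1
    [ $(( 0$mode & 0222 )) -ne 0 ]
}

# Extract the type (third colon-separated field) from an SELinux context.
# The MLS range may itself contain colons, but the type is always field 3.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print a one-line report for a sysctl file (default: the ASLR sysctl).
audit_aslr_sysctl() {
    path=${1:-$ASLR_SYSCTL}
    value=$(cat "$path") || return 1
    mode=$(stat -c %a "$path") || return 1
    # %C prints the SELinux context; it fails or prints "?" without SELinux.
    ctx=$(stat -c %C "$path" 2>/dev/null) || ctx=
    case "$ctx" in
        *:*:*) setype=$(selinux_type "$ctx") ;;
        *) setype=none ;;
    esac
    if dac_writable "$mode"; then dac=writable; else dac=read-only; fi
    echo "aslr=$(aslr_state "$value") dac=$dac mode=$mode selinux_type=$setype"
}

# Run against the live sysctl when it exists (Linux only).
if [ -r "$ASLR_SYSCTL" ]; then audit_aslr_sysctl; fi
```

A report with dac=writable and a type other than the one in the ls -Z output above means neither of the two controls discussed in the thread is in place on that host.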