References: <20240315181032.645161-1-cgzones@googlemail.com> <20240315181032.645161-2-cgzones@googlemail.com> <5368DC74-41CF-4450-AF6F-FFB51EFCCF99@kernel.org>
In-Reply-To: <5368DC74-41CF-4450-AF6F-FFB51EFCCF99@kernel.org>
From: Paul Moore
Date: Tue, 19 Mar 2024 19:10:02 -0400
Subject: Re: [RFC PATCH 1/2] lsm: introduce new hook security_vm_execstack
To: Kees Cook
Cc: Christian Göttsche, linux-security-module@vger.kernel.org, Eric Biederman, Kees Cook, Alexander Viro, Christian Brauner, Jan Kara, James Morris, "Serge E. Hallyn", Khadija Kamran, Andrii Nakryiko, Casey Schaufler, Alexei Starovoitov, Ondrej Mosnacek, Roberto Sassu, Alfred Piccioni, John Johansen, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org

On Fri, Mar 15, 2024 at 11:24 PM Kees Cook wrote:
> On March 15, 2024 1:22:39 PM PDT, Paul Moore wrote:
> >On Fri, Mar 15, 2024 at 2:10 PM Christian Göttsche wrote:
> >>
> >> Add a new hook guarding instantiations of programs with executable
> >> stack. They are being warned about since commit 47a2ebb7f505 ("execve:
> >> warn if process starts with executable stack"). Let's give LSMs the
> >> ability to control their presence on a per application basis.
> >>
> >> Signed-off-by: Christian Göttsche
> >> ---
> >>  fs/exec.c                     |  4 ++++
> >>  include/linux/lsm_hook_defs.h |  1 +
> >>  include/linux/security.h      |  6 ++++++
> >>  security/security.c           | 13 +++++++++++++
> >>  4 files changed, 24 insertions(+)
> >
> >Looking at the commit referenced above, I'm guessing the existing
> >security_file_mprotect() hook doesn't catch this?
> >
> >> diff --git a/fs/exec.c b/fs/exec.c
> >> index 8cdd5b2dd09c..e6f9e980c6b1 100644
> >> --- a/fs/exec.c
> >> +++ b/fs/exec.c
> >> @@ -829,6 +829,10 @@ int setup_arg_pages(struct linux_binprm *bprm,
> >>         BUG_ON(prev != vma);
> >>
> >>         if (unlikely(vm_flags & VM_EXEC)) {
> >> +               ret = security_vm_execstack();
> >> +               if (ret)
> >> +                       goto out_unlock;
> >> +
> >>                 pr_warn_once("process '%pD4' started with executable stack\n",
> >>                              bprm->file);
> >>         }
> >
> >Instead of creating a new LSM hook, have you considered calling the
> >existing security_file_mprotect() hook? The existing LSM controls
> >there may not be a great fit in this case, but I'd like to hear if
> >you've tried that, and if you have, what made you decide a new hook
> >was the better option?
>
> Also, can't MDWE handle this already?
> https://git.kernel.org/linus/b507808ebce23561d4ff8c2aa1fb949fe402bc61

It looks like it, but that doesn't mean there isn't also value in an
associated LSM hook, as the LSM hook would allow admins and security
policy developers/analysts to incorporate this as part of the system's
security policy. It's great that we have all of these cool knobs that
we can play with independent of each other, but sometimes you really
want a single unified security policy that you can look at, analyze,
and reason about.

Regardless, my previous comments still stand; I'd like to hear
verification that the existing security_file_mprotect() hook is not
sufficient, and if its current placement is lacking, why calling it
from a second location wasn't practical and required the creation of
a new LSM hook.

-- 
paul-moore.com
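Review bot: security_vm_execstack() is called with no arguments in the fs/exec.c hunk, so an LSM implementing it has nothing but the current task to decide on, even though the commit message promises control "on a per application basis" and bprm->file is already in scope two lines below for the pr_warn_once(). Pass the binprm (or its file) to the hook, e.g. `ret = security_vm_execstack(bprm);`, so a policy can be keyed on the executable and a denial can name it in the LSM's own audit record. A second point for the hook's documentation: because the check runs before pr_warn_once(), a program refused by the LSM never produces the kernel-log warning, so the LSM itself has to report the denial if that visibility matters.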
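The guarded `vm_flags & VM_EXEC` case is reached when load_elf_binary() finds a PT_GNU_STACK program header with PF_X set (or no such header, in which case the arch default decides), so a defender assessing which binaries would trip this hook or the MDWE check can inspect that header directly. The following userspace checker is an added example, not code from the patch or from anyone in this thread; it assumes Linux's <elf.h> and a little-endian host, the function and constant names are my own, and the sample images are constructed in memory rather than real binaries.

```c
#include <elf.h>
#include <string.h>

#define GNU_STACK_ABSENT  (-1)  /* no PT_GNU_STACK header: the arch default decides */
#define GNU_STACK_INVALID (-2)  /* not a parsable little-endian ELF64 image */

/* Return the PF_* bits of PT_GNU_STACK for an ELF64 image held in memory, or one
 * of the codes above.  Assumes a little-endian host so fields can be memcpy'd. */
int gnu_stack_flags(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return GNU_STACK_INVALID;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_ident[EI_DATA] != ELFDATA2LSB ||
        eh.e_phentsize != sizeof(Elf64_Phdr))
        return GNU_STACK_INVALID;
    for (Elf64_Half i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        Elf64_Off off = eh.e_phoff + (Elf64_Off)i * sizeof ph;
        if (off > len || len - off < sizeof ph)   /* truncated program header table */
            return GNU_STACK_INVALID;
        memcpy(&ph, buf + off, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)            /* PF_X here is what becomes VM_EXEC */
            return (int)(ph.p_flags & (PF_R | PF_W | PF_X));
    }
    return GNU_STACK_ABSENT;
}

/* Constructed sample (not a real binary): an ELF64 header plus, optionally, a
 * single PT_GNU_STACK program header carrying 'flags'.  Returns the image size. */
size_t build_sample(unsigned char *buf, int with_gnu_stack, Elf64_Word flags)
{
    Elf64_Ehdr eh = { .e_ident = "\177ELF\2\1", .e_phoff = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr),
                      .e_phnum = with_gnu_stack ? 1 : 0 };
    Elf64_Phdr ph = { .p_type = PT_GNU_STACK, .p_flags = flags };
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

/* 1 = sample requests an executable stack, 0 = non-executable, negative = absent/invalid. */
int sample_stack_exec(int with_gnu_stack, Elf64_Word flags)
{
    unsigned char img[sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr)];
    int f = gnu_stack_flags(img, build_sample(img, with_gnu_stack, flags));
    return f < 0 ? f : !!(f & PF_X);
}
```

Point gnu_stack_flags() at a file read into memory to see whether that binary would start with an executable stack and therefore reach the hook; `readelf -lW` shows the same header as `GNU_STACK` with its RWE flags.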