Re: [PATCH] Adding YAMA hooks also when YAMA is not stacked.

2015-08-02 Thread Salvatore Mesoraca
Ah! Good catch, thank you! CONFIG based stacking for Yama will be removed 4.3, but this is appropriate for fixing in 4.2. Thank you very much for your time! Salvatore Mesoraca -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord

[PATCH] Adding return value to securityfs_remove.

2015-08-02 Thread Salvatore Mesoraca
to securityfs_remove so that the caller knows if it succeeded or not. Signed-off-by: Salvatore Mesoraca s.mesorac...@gmail.com --- include/linux/security.h | 4 ++-- security/inode.c | 14 +- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include

[PATCH] Adding YAMA hooks also when YAMA is not stacked.

2015-07-31 Thread Salvatore Mesoraca
Without this patch YAMA will not work at all if it is chosen as the primary LSM instead of being stacked. Signed-off-by: Salvatore Mesoraca s.mesorac...@gmail.com --- security/yama/yama_lsm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c

Re: [PATCH] Adding YAMA hooks also when YAMA is not stacked.

2015-08-03 Thread Salvatore Mesoraca
It looks like your mailer is converting tabs to spaces, please fix and resend. I'm sorry for this. I'm resending a fixed V2. Salvatore Mesoraca

[PATCH V2] Adding YAMA hooks also when YAMA is not stacked.

2015-08-03 Thread Salvatore Mesoraca
Without this patch YAMA will not work at all if it is chosen as the primary LSM instead of being stacked. Signed-off-by: Salvatore Mesoraca s.mesorac...@gmail.com --- V1-V2: Tabs issue fixed. --- security/yama/yama_lsm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/yama

Re: [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM

2017-07-11 Thread Salvatore Mesoraca
2017-07-11 1:40 GMT+02:00 Mickaël Salaün <m...@digikod.net>: > > On 10/07/2017 09:59, Salvatore Mesoraca wrote: >> 2017-07-09 21:35 GMT+02:00 Mickaël Salaün <m...@digikod.net>: >>> Hi, >>> >>> I think it makes sense to merge the W^X feature

Re: [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM

2017-07-10 Thread Salvatore Mesoraca
2017-07-09 21:35 GMT+02:00 Mickaël Salaün : > Hi, > > I think it makes sense to merge the W^X features with the TPE/shebang LSM > [1]. > > Regards, > Mickaël > > [1] > https://lkml.kernel.org/r/d9aca46b-97c6-4faf-b559-484feb4aa...@digikod.net Hi, Can you elaborate why it would

Re: [RFC v2 7/9] Trampoline emulation

2017-06-29 Thread Salvatore Mesoraca
2017-06-28 1:13 GMT+02:00 Kees Cook <keesc...@chromium.org>: > On Thu, Jun 15, 2017 at 9:42 AM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> Some programs need to generate part of their code at runtime. Luckily >> enough, in some cases they only gene

Re: [RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook

2017-06-29 Thread Salvatore Mesoraca
2017-06-28 1:07 GMT+02:00 Kees Cook <keesc...@chromium.org>: > On Thu, Jun 15, 2017 at 9:42 AM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> Creation of a new hook to let LSM modules handle user-space pagefaults on >> x86. >> It can be used to avoid

Re: [RFC v2 5/9] S.A.R.A. WX Protection

2017-06-29 Thread Salvatore Mesoraca
2017-06-28 1:04 GMT+02:00 Kees Cook <keesc...@chromium.org>: > On Thu, Jun 15, 2017 at 9:42 AM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> +static int sara_check_vmflags(vm_flags_t vm_flags) >> +{ >> + u16 sara_wx

Re: [RFC v2 3/9] Creation of "check_vmflags" LSM hook

2017-06-29 Thread Salvatore Mesoraca
2017-06-28 1:05 GMT+02:00 Kees Cook <keesc...@chromium.org>: > On Thu, Jun 15, 2017 at 9:42 AM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> Creation of a new LSM hook to check if a given configuration of vmflags, >> for a new memory allocation request, sho

Re: [PATCH 01/11] S.A.R.A. Documentation

2017-07-04 Thread Salvatore Mesoraca
2017-06-28 0:51 GMT+02:00 Kees Cook <keesc...@chromium.org>: > On Mon, Jun 12, 2017 at 9:56 AM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> Adding documentation for S.A.R.A. LSM. >> >> Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.co

[PATCH 02/11] S.A.R.A. framework creation

2017-06-12 Thread Salvatore Mesoraca
-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/lsm_hooks.h | 5 + security/Kconfig | 1 + security/Makefile | 2 + security/sara/Kconfig | 42 +++ security/sara/Makefile | 3 + security/sara/include/

[PATCH 09/11] Trampoline emulation

2017-06-12 Thread Salvatore Mesoraca
rampolines. This feature is implemented only on x86_32 and x86_64. The assembly sequences used here were originally obtained from PaX source code. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- security/sara/Kconfig | 17 security/sara/include/tra

[PATCH 00/11] S.A.R.A. a new stacked LSM

2017-06-12 Thread Salvatore Mesoraca
mit message" of the following emails. [1] https://github.com/smeso/saractl [2] https://github.com/smeso/sara-test Salvatore Mesoraca (11): S.A.R.A. Documentation S.A.R.A. framework creation Creation of "usb_device_auth" LSM hook S.A.R.A. USB Filtering Creation of "

[PATCH 08/11] Creation of "pagefault_handler_x86" LSM hook

2017-06-12 Thread Salvatore Mesoraca
Creation of a new hook to let LSM modules handle user-space pagefaults on x86. It can be used to avoid segfaulting the originating process. If it's the case it can modify process registers before returning. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> Cc: x...@kernel.org Cc

[PATCH 05/11] Creation of "check_vmflags" LSM hook

2017-06-12 Thread Salvatore Mesoraca
Creation of a new LSM hook to check if a given configuration of vmflags, for a new memory allocation request, should be allowed or not. It's placed in "do_mmap", "do_brk_flags" and "__install_special_mapping". Signed-off-by: Salvatore Mesoraca <s.mesorac...@

[PATCH 01/11] S.A.R.A. Documentation

2017-06-12 Thread Salvatore Mesoraca
Adding documentation for S.A.R.A. LSM. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- Documentation/admin-guide/kernel-parameters.txt | 40 + Documentation/security/00-INDEX | 2 + Documentation/security/SARA.rst

[PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-12 Thread Salvatore Mesoraca
gher level of granularity than the current authorization interface. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> Cc: linux-...@vger.kernel.org Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org> --- drivers/usb/core/hub.c| 4 drivers/usb/core/sysfs.c | 6 +- include

[PATCH 04/11] S.A.R.A. USB Filtering

2017-06-12 Thread Salvatore Mesoraca
both as a white list or as a black list. The original idea is inspired by the Grsecurity "Deny USB" feature. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- security/sara/Kconfig | 41 security/sara/Makefile| 1 + security/sara/include

[PATCH 11/11] S.A.R.A. WX Protection procattr interface

2017-06-12 Thread Salvatore Mesoraca
here: https://github.com/smeso/saralib Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- security/sara/wxprot.c | 123 + 1 file changed, 123 insertions(+) diff --git a/security/sara/wxprot.c b/security/sara/wxprot.c index 44e42be..0

[PATCH 07/11] S.A.R.A. WX Protection

2017-06-12 Thread Salvatore Mesoraca
RELRO section will be marked read only. Parts of WX Protection are inspired by some of the features available in PaX. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- security/sara/Kconfig | 75 + security/sara/Makefile | 1 + security/sara/include/wx

[PATCH 10/11] Allowing for stacking procattr support in S.A.R.A.

2017-06-12 Thread Salvatore Mesoraca
This allows S.A.R.A. to use the procattr interface without interfering with other LSMs. This part should be reimplemented as soon as upstream procattr stacking support is available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- fs/proc/base.c

[PATCH 06/11] S.A.R.A. cred blob management

2017-06-12 Thread Salvatore Mesoraca
stream, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/cred.h | 3 ++ security/sara/Makefile| 2 +- security/sara/include/sara_data.h | 47 +++

Re: [PATCH 04/11] S.A.R.A. USB Filtering

2017-06-20 Thread Salvatore Mesoraca
2017-06-20 9:07 GMT+02:00 Pavel Machek : > Hmm. Given that USB device provides vendor id/product id, this does > not really stop anyone, right? > > AFAICT you can still get USB stick with vid/pid of logitech keyboard, > and kernel will recognize it as a usb stick. There are a number

Re: [PATCH 05/11] Creation of "check_vmflags" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 23:31 GMT+02:00 Casey Schaufler : > Have the hook return a value and return that rather > than -EPERM. That way a security module can choose an > error that it determines is appropriate. It is possible > that a module might want to deny the access for a reason >

Re: [PATCH 05/11] Creation of "check_vmflags" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-13 8:34 GMT+02:00 Christoph Hellwig : > Please always post the whole series including the users, thanks. I'm sorry for the inconvenience, it won't happen again. Thank you for your comment.

Re: [kernel-hardening] [RFC v2 7/9] Trampoline emulation

2017-06-15 Thread Salvatore Mesoraca
2017-06-15 18:47 GMT+02:00 : > Thanks for doing this porting work. Look forward to using GRSecurity/PAX > features on ARM eventually. ARM's taking over as we know. x86 is almost > done. Do you have any suggestion about potential use of trampoline emulation on ARM?

[RFC v2 1/9] S.A.R.A. Documentation

2017-06-15 Thread Salvatore Mesoraca
Adding documentation for S.A.R.A. LSM. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- Documentation/admin-guide/kernel-parameters.txt | 23 Documentation/security/00-INDEX | 2 + Documentation/security/SARA.rst

[RFC v2 0/9] S.A.R.A. a new stacked LSM

2017-06-15 Thread Salvatore Mesoraca
one via procattr interface only apply to current thread. (suggested by Jann Horn) [1] https://github.com/smeso/saractl [2] https://github.com/smeso/sara-test Salvatore Mesoraca (9): S.A.R.A. Documentation S.A.R.A. framework creation Creation of "check_vmflags" LSM hook

[RFC v2 8/9] Allowing for stacking procattr support in S.A.R.A.

2017-06-15 Thread Salvatore Mesoraca
This allows S.A.R.A. to use the procattr interface without interfering with other LSMs. This part should be reimplemented as soon as upstream procattr stacking support is available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- fs/proc/base.c

[RFC v2 9/9] S.A.R.A. WX Protection procattr interface

2017-06-15 Thread Salvatore Mesoraca
-in. This feature can be used to run the JIT compiler with few restrictions while enforcing full WX Protection in the rest of the program. To simplify access to this interface a CC0 licensed library is available here: https://github.com/smeso/libsara Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.

[RFC v2 4/9] S.A.R.A. cred blob management

2017-06-15 Thread Salvatore Mesoraca
stream, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/cred.h | 3 ++ security/sara/Makefile| 2 +- security/sara/include/sara_data.h | 47 +++

[RFC v2 7/9] Trampoline emulation

2017-06-15 Thread Salvatore Mesoraca
rampolines. This feature is implemented only on x86_32 and x86_64. The assembly sequences used here were originally obtained from PaX source code. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- security/sara/Kconfig | 17 security/sara/include/tra

[RFC v2 5/9] S.A.R.A. WX Protection

2017-06-15 Thread Salvatore Mesoraca
RELRO section will be marked read only. Parts of WX Protection are inspired by some of the features available in PaX. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- security/sara/Kconfig | 75 + security/sara/Makefile | 1 + security/sara/include/wx

[RFC v2 2/9] S.A.R.A. framework creation

2017-06-15 Thread Salvatore Mesoraca
-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/lsm_hooks.h | 5 + security/Kconfig | 1 + security/Makefile | 2 + security/sara/Kconfig | 42 +++ security/sara/Makefile | 3 + security/sara/include/

[RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook

2017-06-15 Thread Salvatore Mesoraca
oesn't introduce new exploit vectors. - It's a feature that can be turned on only if needed, on a per executable file basis. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- arch/x86/mm/fault.c | 6 ++ include/linux/lsm_hooks.h | 9 + include/linux/security.h

[RFC v2 3/9] Creation of "check_vmflags" LSM hook

2017-06-15 Thread Salvatore Mesoraca
Creation of a new LSM hook to check if a given configuration of vmflags, for a new memory allocation request, should be allowed or not. It's placed in "do_mmap", "do_brk_flags" and "__install_special_mapping". Signed-off-by: Salvatore Mesoraca <s.mesorac

Re: [PATCH 08/11] Creation of "pagefault_handler_x86" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 19:32 GMT+02:00 Thomas Gleixner : > That explains, what you could do with it, but it completely lacks any > rationale WHY this is desired and good behaviour and how that is a security > feature. You are right, I could have been more descriptive. This is not a

Re: [kernel-hardening] [PATCH 01/11] S.A.R.A. Documentation

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 19:49 GMT+02:00 Jann Horn <ja...@google.com>: > On Mon, Jun 12, 2017 at 6:56 PM, Salvatore Mesoraca > As far as I can tell, the wxprot interface in procfs, when used as > /proc/PID/attr/sara/wxprot, actually only sets restrictions on one of the > threads. > The

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 19:35 GMT+02:00 Krzysztof Opasiak : > Could you please explain me why we need LSM for this? > > There are tools like usbguard[1] and as far as I can tell it looks like they > can do everything for you... I have to admit that this is the first time I read about

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 21:38 GMT+02:00 Greg Kroah-Hartman : > No, like Krzysztof said, you can already do this today, just fine, from > userspace. I think that support has been there for over a decade now, > why are you not taking advantage of this already? > No need to add extra

Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

2017-06-13 Thread Salvatore Mesoraca
2017-06-12 23:31 GMT+02:00 Casey Schaufler : > Return the error reported by the hook rather than -EPERM. Agreed, anyway this part will be, probably, dropped in the next version (read Greg and Krzysztof answers). I'm sorry :( Thank you very much for the time you spent on

[RFC] Restrict writes into untrusted FIFOs and regular files

2017-09-15 Thread Salvatore Mesoraca
on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer . Suggested-by: Solar Designer <so...@openwall.com> Suggested-by: Kees Cook <keesc...@chromium.org> Si

Re: [kernel-hardening] [RFC v3 0/9] S.A.R.A. a new stacked LSM

2017-09-19 Thread Salvatore Mesoraca
2017-09-18 20:07 GMT+02:00 Jordan Glover : > Hi, Hi! > I tested this S.A.R.A LSM and it works well. It's a nice replacement for PaX > mprotect feature from grsecurity patchset. It doesn't need much learning > curve as SELinux. I hope it will be accepted in mainline.

Re: [RFC] Restrict writes into untrusted FIFOs and regular files

2017-09-19 Thread Salvatore Mesoraca
2017-09-19 2:37 GMT+02:00 Solar Designer <so...@openwall.com>: > On Mon, Sep 18, 2017 at 02:00:50PM -0700, Kees Cook wrote: >> On Fri, Sep 15, 2017 at 1:43 AM, Salvatore Mesoraca <s.mesorac...@gmail.com> >> wrote: >> > The purpose is to make data spoofing a

Re: [RFC] Restrict writes into untrusted FIFOs and regular files

2017-09-19 Thread Salvatore Mesoraca
2017-09-18 23:00 GMT+02:00 Kees Cook <keesc...@chromium.org>: > On Fri, Sep 15, 2017 at 1:43 AM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> Disallows writing into FIFOs or regular files not owned by the user >> in world writable sticky directories

[RFC v3 5/9] S.A.R.A. WX Protection

2017-09-11 Thread Salvatore Mesoraca
RELRO section will be marked read only. Parts of WX Protection are inspired by some of the features available in PaX according to my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: Salvatore Me

[RFC v3 1/9] S.A.R.A. Documentation

2017-09-11 Thread Salvatore Mesoraca
Adding documentation for S.A.R.A. LSM. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- Documentation/admin-guide/LSM/SARA.rst | 170 Documentation/admin-guide/LSM/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt

[RFC v3 7/9] Trampoline emulation

2017-09-11 Thread Salvatore Mesoraca
y/PaX code. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- security/sara/Kconfig | 18 security/sara/include/trampolines.h | 173 security/sara/wxprot.c | 140 + 3 files changed

[RFC v3 0/9] S.A.R.A. a new stacked LSM

2017-09-11 Thread Salvatore Mesoraca
so, for the moment, I didn't move it. [1] https://github.com/smeso/saractl [2] https://github.com/smeso/sara-test Salvatore Mesoraca (9): S.A.R.A. Documentation S.A.R.A. framework creation Creation of "check_vmflags" LSM hook S.A.R.A. cred blob management S.A.R.

[RFC v3 3/9] Creation of "check_vmflags" LSM hook

2017-09-11 Thread Salvatore Mesoraca
Creation of a new LSM hook to check if a given configuration of vmflags, for a new memory allocation request, should be allowed or not. It's placed in "do_mmap", "do_brk_flags" and "__install_special_mapping". Signed-off-by: Salvatore Mesoraca <s.mesorac

[RFC v3 9/9] S.A.R.A. WX Protection procattr interface

2017-09-11 Thread Salvatore Mesoraca
-in. This feature can be used to run the JIT compiler with few restrictions while enforcing full WX Protection in the rest of the program. To simplify access to this interface a CC0 licensed library is available here: https://github.com/smeso/libsara Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.

[RFC v3 8/9] Allowing for stacking procattr support in S.A.R.A.

2017-09-11 Thread Salvatore Mesoraca
This allows S.A.R.A. to use the procattr interface without interfering with other LSMs. This part should be reimplemented as soon as upstream procattr stacking support is available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- fs/proc/base.c

[RFC v3 2/9] S.A.R.A. framework creation

2017-09-11 Thread Salvatore Mesoraca
-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/lsm_hooks.h | 5 + security/Kconfig | 1 + security/Makefile | 2 + security/sara/Kconfig | 43 +++ security/sara/Makefile | 3 + security/sara/include/

[RFC v3 6/9] Creation of "pagefault_handler" LSM hook

2017-09-11 Thread Salvatore Mesoraca
new exploit vectors. - It's a feature that can be turned on only if needed, on a per executable file basis. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- arch/Kconfig | 6 ++ arch/x86/Kconfig | 1 + arch/x86/mm/fault.c | 6 ++ incl

[RFC v3 4/9] S.A.R.A. cred blob management

2017-09-11 Thread Salvatore Mesoraca
stream, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/cred.h | 3 ++ security/sara/Makefile| 2 +- security/sara/include/sara_data.h | 47 +++

Re: [kernel-hardening] [RFC v2 2/2] Protected O_CREAT open in sticky directory

2017-09-26 Thread Salvatore Mesoraca
2017-09-26 16:40 GMT+02:00 Jann Horn <ja...@google.com>: > On Tue, Sep 26, 2017 at 4:14 PM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> Disallows O_CREAT open missing the O_EXCL flag, in world or >> group writable directories, even if the file doesn't exi

[RFC v2 1/2] Protected FIFOs and regular files

2017-09-26 Thread Salvatore Mesoraca
particular attack vector. In fact, before symlinks restrictions, fifos/regular files were not the favorite vehicle to exploit them. Suggested-by: Solar Designer <so...@openwall.com> Suggested-by: Kees Cook <keesc...@chromium.org> Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmai

[RFC v2 2/2] Protected O_CREAT open in sticky directory

2017-09-26 Thread Salvatore Mesoraca
. This feature allows to detect and potentially block programs that act this way and can be used to find vulnerabilities (like those prevented by patch #1) and to do policy enforcement. Suggested-by: Solar Designer <so...@openwall.com> Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com>

[RFC v2 0/2] Restrict dangerous open in sticky directories

2017-09-26 Thread Salvatore Mesoraca
in respective commit messages. Salvatore Mesoraca (2): Protected FIFOs and regular files Protected O_CREAT open in sticky directory Documentation/sysctl/fs.txt | 66 + fs/namei.c | 118 ++-- include/linux/fs.h

Re: [RFC v3 0/9] S.A.R.A. a new stacked LSM

2017-09-26 Thread Salvatore Mesoraca
I've noticed that some of the latest upstream commits broke S.A.R.A. And now it doesn't compile. The fix is trivial (just some reordering in a function arguments' list) so I prefer not to flood the lists with a v4 for just a 2-line change. For review and comments the code posted here is still

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-26 Thread Salvatore Mesoraca
2017-11-24 12:53 GMT+01:00 David Laight <david.lai...@aculab.com>: > From: Salvatore Mesoraca [mailto:s.mesorac...@gmail.com] >> Sent: 24 November 2017 11:44 >> >> 2017-11-24 11:53 GMT+01:00 David Laight <david.lai...@aculab.com>: >> > From: A

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 Thread Salvatore Mesoraca
2017-11-23 23:57 GMT+01:00 Tobin C. Harding <m...@tobin.cc>: > On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: > > Same caveat about this being English language comments only as for patch > 1/2. Please ignore if this is too trivial. My grammar is a long

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 Thread Salvatore Mesoraca
2017-11-24 11:53 GMT+01:00 David Laight <david.lai...@aculab.com>: > From: Alan Cox >> Sent: 22 November 2017 16:52 >> >> On Wed, 22 Nov 2017 09:01:46 +0100 >> Salvatore Mesoraca <s.mesorac...@gmail.com> wrote: >> >> > Disallows O_CREAT open mi

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 Thread Salvatore Mesoraca
2017-11-22 17:51 GMT+01:00 Alan Cox <gno...@lxorguk.ukuu.org.uk>: > On Wed, 22 Nov 2017 09:01:46 +0100 > Salvatore Mesoraca <s.mesorac...@gmail.com> wrote: > >> Disallows O_CREAT open missing the O_EXCL flag, in world or >> group writable directories, e

Re: [kernel-hardening] [PATCH v3 1/2] Protected FIFOs and regular files

2017-11-24 Thread Salvatore Mesoraca
2017-11-23 23:43 GMT+01:00 Tobin C. Harding <m...@tobin.cc>: > On Wed, Nov 22, 2017 at 09:01:45AM +0100, Salvatore Mesoraca wrote: > > Please take these comments in all humility, my English is a long way > from perfect. These are English grammar comments only. If this is viewed &

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 Thread Salvatore Mesoraca
2017-11-22 14:22 GMT+01:00 Matthew Wilcox <wi...@infradead.org>: > On Wed, Nov 22, 2017 at 09:01:46AM +0100, Salvatore Mesoraca wrote: >> +An O_CREAT open missing the O_EXCL flag in a sticky directory is, >> +often, a bug or a synthom of the fact that the program is not

[PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-22 Thread Salvatore Mesoraca
, it probably has a bug. This feature allows to detect and potentially block programs that act this way, it can be used to find vulnerabilities (like those prevented by patch #1) and to do policy enforcement. Suggested-by: Solar Designer <so...@openwall.com> Signed-off-by: Salvatore Mesoraca <

[PATCH v3 0/2] Restrict dangerous open in sticky directories

2017-11-22 Thread Salvatore Mesoraca
more easily. Salvatore Mesoraca (2): Protected FIFOs and regular files Protected O_CREAT open in sticky directories Documentation/sysctl/fs.txt | 66 + fs/namei.c | 117 ++-- include/linux/fs.h | 3

[PATCH v3 1/2] Protected FIFOs and regular files

2017-11-22 Thread Salvatore Mesoraca
particular attack vector. In fact, before symlinks restrictions, fifos/regular files were not the favorite vehicle to exploit them. Suggested-by: Solar Designer <so...@openwall.com> Suggested-by: Kees Cook <keesc...@chromium.org> Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmai

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-30 Thread Salvatore Mesoraca
2017-11-27 1:26 GMT+01:00 Solar Designer <so...@openwall.com>: > On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > > 2017-11-24 11:53 GMT+01:00 David Laight <david.lai...@aculab.com>: > > > From: Alan Cox > > >> Sent: 22 November 2017

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-12-05 Thread Salvatore Mesoraca
2017-11-30 17:30 GMT+01:00 Solar Designer <so...@openwall.com>: > Replying to Salvatore and Ian at once, and CC'ing H. Peter Anvin and > Karel Zak for util-linux flock(1). > > On Thu, Nov 30, 2017 at 02:57:06PM +, Ian Campbell wrote: > > On Thu, 2017-11-30 at 15:39 +

[RFC v4 05/10] S.A.R.A. WX Protection

2017-11-21 Thread Salvatore Mesoraca
RELRO section will be marked read only. Parts of WX Protection are inspired by some of the features available in PaX according to my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: Salvatore Me

[RFC v4 02/10] S.A.R.A. framework creation

2017-11-21 Thread Salvatore Mesoraca
-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/lsm_hooks.h | 5 + security/Kconfig | 1 + security/Makefile | 2 + security/sara/Kconfig | 40 +++ security/sara/Makefile | 3 + security/sara/include/

[RFC v4 07/10] Trampoline emulation

2017-11-21 Thread Salvatore Mesoraca
y/PaX code. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- arch/x86/Kbuild| 2 + arch/x86/security/Makefile | 2 + arch/x86/security/sara/Makefile| 1 + arch/x86/security/sara/emutramp.c | 55 arch/x

[RFC v4 04/10] S.A.R.A. cred blob management

2017-11-21 Thread Salvatore Mesoraca
stream, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/linux/cred.h | 3 ++ security/sara/Makefile| 2 +- security/sar

[RFC v4 03/10] Creation of "check_vmflags" LSM hook

2017-11-21 Thread Salvatore Mesoraca
ook is also used to determine what to do with an RWE PT_GNU_STACK header. This allows LSM to force the loader to silently ignore executable stack markings, which is a useful thing to do when trampoline emulation is available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com>

[RFC v4 08/10] Allowing for stacking procattr support in S.A.R.A.

2017-11-21 Thread Salvatore Mesoraca
This allows S.A.R.A. to use the procattr interface without interfering with other LSMs. This part should be reimplemented as soon as upstream procattr stacking support is available. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- fs/proc/base.c

[RFC v4 01/10] S.A.R.A. Documentation

2017-11-21 Thread Salvatore Mesoraca
Adding documentation for S.A.R.A. LSM. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- Documentation/admin-guide/LSM/SARA.rst | 173 Documentation/admin-guide/LSM/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt

[RFC v4 06/10] Creation of "pagefault_handler" LSM hook

2017-11-21 Thread Salvatore Mesoraca
new exploit vectors. - It's a feature that can be turned on only if needed, on a per executable file basis. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- arch/Kconfig | 6 ++ arch/x86/Kconfig | 1 + arch/x86/mm/fault.c | 6 ++ incl

[RFC v4 09/10] S.A.R.A. WX Protection procattr interface

2017-11-21 Thread Salvatore Mesoraca
-in. This feature can be used to run the JIT compiler with few restrictions while enforcing full WX Protection in the rest of the program. To simplify access to this interface a CC0 licensed library is available here: https://github.com/smeso/libsara Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.

[RFC v4 10/10] XATTRs support

2017-11-21 Thread Salvatore Mesoraca
Adds support for extended filesystem attributes in security and user namespaces. They can be used to override flags set via the centralized configuration, even when S.A.R.A. configuration is locked or saractl is not used at all. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.

[RFC v4 00/10] S.A.R.A. a new stacked LSM

2017-11-21 Thread Salvatore Mesoraca
th mentioning here. [1] https://github.com/smeso/saractl [2] https://github.com/smeso/sara-test Salvatore Mesoraca (10): S.A.R.A. Documentation S.A.R.A. framework creation Creation of "check_vmflags" LSM hook S.A.R.A. cred blob management S.A.R.A. WX Protection Creation of "pa

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-12-11 Thread Salvatore Mesoraca
2017-12-07 22:47 GMT+01:00 Solar Designer <so...@openwall.com>: > On Tue, Dec 05, 2017 at 11:21:00AM +0100, Salvatore Mesoraca wrote: > > 2017-11-30 17:30 GMT+01:00 Solar Designer <so...@openwall.com>: > > > $ strace flock /tmp/lockfile -c cat > > > [..

Re: [PATCH] net: dsa: drop some VLAs in switch.c

2018-05-05 Thread Salvatore Mesoraca
2018-03-13 21:06 GMT+01:00 Florian Fainelli <f.faine...@gmail.com>: > On 03/13/2018 12:58 PM, Vivien Didelot wrote: >> Hi Salvatore, >> >> Salvatore Mesoraca <s.mesorac...@gmail.com> writes: >> >>> dsa_switch's num_ports is currently fixed to D

[PATCH v2] net: dsa: drop some VLAs in switch.c

2018-05-07 Thread Salvatore Mesoraca
-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- include/net/dsa.h | 3 +++ net/dsa/dsa2.c| 14 ++ net/dsa/switch.c | 22 ++ 3 files changed, 27 insertions(+), 12 deletions(-) diff --git a/include/net/dsa.h b/include/net/dsa.h index 60fb4ec..576791d

Re: [PATCH v2] net: dsa: drop some VLAs in switch.c

2018-05-08 Thread Salvatore Mesoraca
2018-05-07 21:26 GMT+02:00 Andrew Lunn : >> >> +++ b/include/net/dsa.h >> >> @@ -256,6 +256,9 @@ struct dsa_switch { >> >> /* Number of switch port queues */ >> >> unsigned intnum_tx_queues; >> >> >> >> + unsigned long *bitmap; >> >> +

Re: [PATCH v2] net: dsa: drop some VLAs in switch.c

2018-05-08 Thread Salvatore Mesoraca
2018-05-08 11:39 GMT+02:00 David Laight <david.lai...@aculab.com>: > From: Salvatore Mesoraca >> Sent: 07 May 2018 20:03 > ... >> This optimization will save us an allocation when number of ports is >> less than 32 or 64 (depending on arch). >> IMHO it's use

Re: [PATCH v2] net: dsa: drop some VLAs in switch.c

2018-05-07 Thread Salvatore Mesoraca
2018-05-07 20:14 GMT+02:00 Florian Fainelli <f.faine...@gmail.com>: > On 05/07/2018 08:23 AM, Salvatore Mesoraca wrote: >> We avoid 2 VLAs by using a pre-allocated field in dsa_switch. >> We also try to avoid dynamic allocation whenever possible. >> >> Link: >&

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-06-10 Thread Salvatore Mesoraca
2018-06-04 18:57 GMT+02:00 Steve Kemp : >> A configurable LSM is probably the right way to do this. > > I wonder how many out of tree LSM there are? Looking at the mainline > kernel the only "small" LSM bundled is YAMA, and it seems that most of > the patches proposing new ones eventually die

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-05-26 Thread Salvatore Mesoraca
2018-05-26 17:48 GMT+02:00 Alexey Dobriyan <adobri...@gmail.com>: > On Sat, May 26, 2018 at 04:50:46PM +0200, Salvatore Mesoraca wrote: >> Prevent a task from opening, in "write" mode, any /proc/*/mem >> file that operates on the task's mm. >> /p

[PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-05-26 Thread Salvatore Mesoraca
A process can use it to overwrite read-only memory, making pointless the use of security_file_mprotect() or other ways to enforce RO memory. Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- fs/proc/base.c | 25 ++--- fs/proc/internal.h | 3 ++- fs

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-05-28 Thread Salvatore Mesoraca
2018-05-27 3:33 GMT+02:00 Linus Torvalds : > On Sat, May 26, 2018 at 5:32 PM Kees Cook wrote: > >> I went through some old threads from 2012 when e268337dfe26 was >> introduced, and later when things got looked at during DirtyCOW. There >> was

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-05-28 Thread Salvatore Mesoraca
2018-05-28 11:06 GMT+02:00 Jann Horn <ja...@google.com>: > On Sat, May 26, 2018 at 4:50 PM, Salvatore Mesoraca > <s.mesorac...@gmail.com> wrote: >> Prevent a task from opening, in "write" mode, any /proc/*/mem >> file that operates on the task's mm. &g

Re: [PATCH v2 0/2] crypto: removing various VLAs

2018-04-26 Thread Salvatore Mesoraca
2018-04-20 18:51 GMT+02:00 Herbert Xu <herb...@gondor.apana.org.au>: > On Mon, Apr 09, 2018 at 03:54:45PM +0200, Salvatore Mesoraca wrote: >> v2: >> As suggested by Herbert Xu, the blocksize and alignmask checks >> have been moved to crypto_check_alg. >

[PATCH] net: llc: drop VLA in llc_sap_mcast()

2018-03-11 Thread Salvatore Mesoraca
. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- net/llc/llc_sap.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c index d90928f..a7f7b8f 100644 --- a/net/llc/llc_sap.c +++

[PATCH] scsi: eata: drop VLA in reorder()

2018-03-11 Thread Salvatore Mesoraca
n_ready will always be less than or equal to MAX_MAILBOXES. So we avoid a VLA[1] and use fixed-length arrays instead. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- drivers/scsi/eata.c | 2 +- 1 file changed, 1 insertion(+), 1 de

[PATCH 2/2] net: rds: drop VLA in rds_walk_conn_path_info()

2018-03-11 Thread Salvatore Mesoraca
Avoid VLA[1] by using an already allocated buffer passed by the caller. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca <s.mesorac...@gmail.com> --- net/rds/connection.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/rds/connection.c
