Re: WARNING in apparmor_secid_to_secctx

2019-02-01 Thread Tetsuo Handa
On 2019/02/01 19:09, Dmitry Vyukov wrote: > Thanks for the explanations. > > Here is the change that I've come up with: > https://github.com/google/syzkaller/commit/aa53be276dc84aa8b3825b3416542447ff82b41a You are not going to apply this updated config to upstream kernels now, are you? Removing

[PATCH] LSM: Allow syzbot to ignore security= parameter.

2019-02-01 Thread Tetsuo Handa
On 2019/02/01 19:50, Dmitry Vyukov wrote: > On Fri, Feb 1, 2019 at 11:44 AM Tetsuo Handa > wrote: >> >> On 2019/02/01 19:09, Dmitry Vyukov wrote: >>> Thanks for the explanations. >>> >>> Here is the change that I've come up with:

Re: WARNING in apparmor_secid_to_secctx

2019-01-31 Thread Tetsuo Handa
On 2019/01/30 23:45, Dmitry Vyukov wrote: >> Dmitry, is it possible to update configs for linux-next.git, for >> we want to test a big change in LSM which will go to Linux 5.1 ? >> >> TOMOYO security module (CONFIG_SECURITY_TOMOYO=y) can now coexist with >> SELinux/Smack/AppArmor security

Re: WARNING in apparmor_secid_to_secctx

2019-01-29 Thread Tetsuo Handa
On 2018/09/06 19:59, Dmitry Vyukov wrote: > On Wed, Sep 5, 2018 at 7:37 PM, Casey Schaufler > wrote: >> On 9/5/2018 4:08 AM, Dmitry Vyukov wrote: >>> Thanks! I've re-enabled selinux on syzbot: >>> https://github.com/google/syzkaller/commit/196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc >>> Now we will

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/25 2:16, Casey Schaufler wrote: >> Not all of LKM-based LSMs use security blobs. And some of LKM-based LSMs >> might use security blobs for only a few objects. For example, AKARI uses >> inode security blob for remembering whether source address/port of an >> accept()ed socket was

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/25 1:15, Casey Schaufler wrote: Since all free hooks are called when one of init hooks failed, each free hook needs to check whether init hook was called. An example is inode_free_security() in security/selinux/hooks.c (but not addressed in this patch).

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/23 11:43, Kees Cook wrote: >>> I'm excited about getting this landed! >> >> Soon. Real soon. I hope. I would very much like for >> someone from the SELinux camp to chime in, especially on >> the selinux_is_enabled() removal. > > Agreed. > This patchset from Casey lands before the

Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock

2018-09-24 Thread Tetsuo Handa
On 2018/09/24 2:09, Casey Schaufler wrote: >> Since all free hooks are called when one of init hooks failed, each >> free hook needs to check whether init hook was called. An example is >> inode_free_security() in security/selinux/hooks.c (but not addressed in >> this patch). > > I

Re: [PATCH] selinux: Add __GFP_NOWARN to allocation at str_read()

2018-09-13 Thread Tetsuo Handa
On 2018/09/13 12:02, Paul Moore wrote: > On Fri, Sep 7, 2018 at 12:43 PM Tetsuo Handa > wrote: >> syzbot is hitting warning at str_read() [1] because len parameter can >> become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for >> this c

[PATCH] selinux: Add __GFP_NOWARN to allocation at str_read()

2018-09-07 Thread Tetsuo Handa
syzbot is hitting warning at str_read() [1] because len parameter can become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for this case. [1] https://syzkaller.appspot.com/bug?id=7f2f5aad79ea8663c296a2eedb81978401a908f0 Signed-off-by: Tetsuo Handa Reported-by: syzbot

Re: BUG: Mount ignores mount options

2018-08-10 Thread Tetsuo Handa
On 2018/08/10 23:05, Eric W. Biederman wrote: > > There is a serious problem with mount options today that fsopen does not > address. The problem is that mount options are ignored for block based > filesystems, and any other type of filesystem that follows the same > pattern. > > The script

Re: [PATCH 0/8] LSM: Security module stacking

2018-03-09 Thread Tetsuo Handa
Casey Schaufler wrote: > 1/8: Add the smack subdirectory to /proc/.../attr > 2/8: Move management of cred security blobs to the LSM infrastructure > 3/8: Move management of file security blobs to the LSM infrastructure > 4/8: Move management of task security blobs to the LSM infrastructure > 5/8:

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-05 Thread Tetsuo Handa
Tetsuo Handa wrote: > which will allow strcmp() to trigger out of bound read when "size" is > larger than strlen(initial_sid_to_string[i]). Oops. "smaller" than. > > Thus, I guess the simplest fix is to use strncmp() instead of strcmp(). Can somebody test below

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
Stephen Smalley wrote: > > Thus, I guess the simplest fix is to use strncmp() instead of > > strcmp(). > > Already fixed by > https://www.spinics.net/lists/selinux/msg23589.html > OK, I thought everyone was too busy. I would appreciate if you responded to all.

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
James Morris wrote: > On Sun, 3 Dec 2017, Tetsuo Handa wrote: > > > Tetsuo Handa wrote: > > > which will allow strcmp() to trigger out of bound read when "size" is > > > larger than strlen(initial_sid_to_string[i]). > > > > Oops. "smalle

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
Tetsuo Handa wrote: > James Morris wrote: > > On Sun, 3 Dec 2017, Tetsuo Handa wrote: > > > > > Tetsuo Handa wrote: > > > > which will allow strcmp() to trigger out of bound read when "size" is > > > > larger than strlen(in

Re: KASAN: slab-out-of-bounds Read in strcmp

2017-12-04 Thread Tetsuo Handa
On 2017/12/02 3:52, syzbot wrote: > == > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328 > Read of size 1 at addr 8801cd99d2c1 by task syzkaller242593/3087 > > CPU: 0 PID: 3087 Comm: syzkaller242593 Not

Re: suspicious __GFP_NOMEMALLOC in selinux

2017-08-03 Thread Tetsuo Handa
On 2017/08/03 17:11, Michal Hocko wrote: > [CC Mel] > > On Wed 02-08-17 17:45:56, Paul Moore wrote: >> On Wed, Aug 2, 2017 at 6:50 AM, Michal Hocko wrote: >>> Hi, >>> while doing something completely unrelated to selinux I've noticed a >>> really strange __GFP_NOMEMALLOC usage

Re: suspicious __GFP_NOMEMALLOC in selinux

2017-08-03 Thread Tetsuo Handa
Michal Hocko wrote: > On Thu 03-08-17 19:02:57, Tetsuo Handa wrote: > > On 2017/08/03 17:11, Michal Hocko wrote: > > > [CC Mel] > > > > > > On Wed 02-08-17 17:45:56, Paul Moore wrote: > > >> On Wed, Aug 2, 2017 at 6:50 AM, Michal Hocko <mho...

Re: [PATCH] selinux: return -ENOMEM if kzalloc() fails

2017-06-30 Thread Tetsuo Handa
Stephen Smalley wrote: > On Fri, 2017-06-30 at 10:56 +0300, Dan Carpenter wrote: > > We accidentally return success instead of -ENOMEM on this failure > > path. > > > > Fixes: 409dcf31538a ("selinux: Add a cache for quicker retreival of > > PKey SIDs") > > Signed-off-by: Dan Carpenter

Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()

2017-04-27 Thread Tetsuo Handa
Paul Moore wrote: > On Fri, Mar 24, 2017 at 10:55 PM, Tetsuo Handa > <penguin-ker...@i-love.sakura.ne.jp> wrote: > > Paul Moore wrote: > >> Hi, > >> > >> Thank you very much for this patch, but I think we need to look a bit > >> harder

Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-30 Thread Tetsuo Handa
Paul Moore wrote: > > Signed-off-by: Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp> > > Acked-by: Stephen Smalley <s...@tycho.nsa.gov> > > --- > > security/selinux/hooks.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > When a

Re: [PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-28 Thread Tetsuo Handa
Stephen Smalley wrote: > On Tue, 2017-03-28 at 22:12 +0900, Tetsuo Handa wrote: > > This patch is a preparation for getting rid of task_create hook > > because > > task_create hook > > task_alloc hook? Oops, copy error. Yes, I meant task_alloc hook. > > >

[PATCH] selinux: Use task_alloc hook rather than task_create hook

2017-03-28 Thread Tetsuo Handa
() and audit_alloc() in copy_process(). We can tolerate these overhead for unlikely situation. Therefore, this patch changes SELinux to use task_alloc hook rather than task_create hook so that we can remove task_create hook. Signed-off-by: Tetsuo Handa <penguin-ker...@i-love.sakura.ne

Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()

2017-03-27 Thread Tetsuo Handa
Paul Moore wrote: > Hi, > > Thank you very much for this patch, but I think we need to look a bit > harder at this problem as it appears that many callers assume that > selinux_parse_opts_str() cleans up after itself. Looking quickly I > found what appear to be two problems, there are likely

[PATCH] selinux: fix double free in selinux_parse_opts_str()

2017-03-24 Thread Tetsuo Handa
(opts->mnt_opts) when kcalloc() for opts->mnt_opts_flags failed. But it should not have called it because security_free_mnt_opts() will call kfree(opts->mnt_opts). Signed-off-by: Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp> Reported-by: Dmitry Vyukov <dvyu...@google.com> fi

Re: security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode

2017-03-23 Thread Tetsuo Handa
Dmitry Vyukov wrote: > On Thu, Mar 23, 2017 at 2:06 PM, Dmitry Vyukov wrote: > > Hello, > > > > I've got the following report while running syzkaller fuzzer on > > 093b995e3b55a0ae0670226ddfcb05bfbf0099ae. Note the preceding injected > > kmalloc failure in

Re: security: double-free in superblock_doinit

2017-03-23 Thread Tetsuo Handa
Dmitry Vyukov wrote: > Hello, > > I've got the following double-free report in superblock_doinit while > running syzkaller fuzzer. > Note the preceding injected failure in kmalloc, most likely that the root > cause. Thank you for reporting. selinux_parse_opts_str() and smack_parse_opts_str()

Re: [RFC 4/7] selinux: mark __ro_mostly_after_init for selinux_hooks/selinux_nf_ops

2017-02-21 Thread Tetsuo Handa
On 2017/02/19 19:04, Hoeun Ryu wrote: > It would be good that selinux hooks objects are marked as > `__ro_mostly_after_init`. They can not be simply marked as `__ro_after_init' > because they should be writable during selinux_disable procedure. > `__ro_mostly_after_init` section is temporarily

Re: [kernel-hardening] Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

2017-02-17 Thread Tetsuo Handa
Casey Schaufler wrote: > On 2/16/2017 3:00 AM, Tetsuo Handa wrote: > > Casey Schaufler wrote: > >> I can't say that I'm buying the value of the additional > >> complexity here. Sure, you're protecting part of the data > >> all the time, but you're exposing

Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

2017-02-15 Thread Tetsuo Handa
James Morris wrote: > On Tue, 14 Feb 2017, Tetsuo Handa wrote: > > > > diff --git a/security/Kconfig b/security/Kconfig > > > index 118f454..f6f90c4 100644 > > > --- a/security/Kconfig > > > +++ b/security/Kconfig > > > @@ -31,6 +31,11 @@ conf

Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

2017-02-14 Thread Tetsuo Handa
James Morris wrote: > > Loadable kernel modules used by antivirus software temporarily modify > > syscall tables > > ( > > http://stackoverflow.com/questions/13876369/system-call-interception-in-linux-kernel-module-kernel-3-5 > > ) > > in order to register hooks for execve()/open()/close(). It