[PATCH v5 23/38] SELinux: Remove cred security blob poisoning

[PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 07/38] LSM: Introduce "lsm=" for boottime LSM selection · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-26
[PATCH v5 10/38] LSM: Refactor "security=" in terms of enable/disable · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-26
[PATCH v5 11/38] LSM: Separate idea of "major" LSM from "exclusive" LSM · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-26
[PATCH v5 01/38] LSM: Introduce LSM_FLAG_LEGACY_MAJOR · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
Re: [PATCH v5 01/38] LSM: Introduce LSM_FLAG_LEGACY_MAJOR · Kees Cook <hidden> · 2018-11-27
Re: [PATCH v5 01/38] LSM: Introduce LSM_FLAG_LEGACY_MAJOR · Ondrej Mosnacek <omosnace@redhat.com> · 2018-11-28
Re: [PATCH v5 01/38] LSM: Introduce LSM_FLAG_LEGACY_MAJOR · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-28
[PATCH v5 02/38] LSM: Provide separate ordered initialization · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 03/38] LSM: Plumb visibility into optional "enabled" state · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 04/38] LSM: Lift LSM selection out of individual LSMs · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 05/38] LSM: Build ordered list of LSMs to initialize · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 06/38] LSM: Introduce CONFIG_LSM · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 08/38] LSM: Tie enabling logic to presence in ordered list · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 09/38] LSM: Prepare for reorganizing "security=" logic · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 12/38] apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 13/38] selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 14/38] LSM: Add all exclusive LSMs to ordered initialization · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 15/38] LSM: Split LSM preparation from initialization · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 16/38] LoadPin: Initialize as ordered LSM · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 17/38] Yama: Initialize as ordered LSM · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 18/38] LSM: Introduce enum lsm_order · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 19/38] capability: Initialize as LSM_ORDER_FIRST · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 20/38] procfs: add smack subdir to attrs · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 21/38] Smack: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 22/38] SELinux: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 23/38] SELinux: Remove cred security blob poisoning · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 25/38] AppArmor: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 26/38] TOMOYO: Abstract use of cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 27/38] Infrastructure management of the cred security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 28/38] SELinux: Abstract use of file security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 24/38] SELinux: Remove unused selinux_is_enabled · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 29/38] Smack: Abstract use of file security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 30/38] LSM: Infrastructure management of the file security · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 31/38] SELinux: Abstract use of inode security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 32/38] Smack: Abstract use of inode security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 33/38] LSM: Infrastructure management of the inode security · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 34/38] LSM: Infrastructure management of the task security · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 35/38] SELinux: Abstract use of ipc security blobs · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 36/38] Smack: Abstract use of ipc security blobs · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 37/38] LSM: Infrastructure management of the ipc security blob · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
[PATCH v5 38/38] TOMOYO: Update LSM flags to no longer be exclusive · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-27
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Kees Cook <hidden> · 2018-12-05
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Casey Schaufler <casey@schaufler-ca.com> · 2018-12-05
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · John Johansen <john.johansen@canonical.com> · 2018-12-05
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · James Morris <jmorris@namei.org> · 2018-12-11
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2018-12-11
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · James Morris <jmorris@namei.org> · 2018-12-12
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Kees Cook <hidden> · 2018-12-11
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Kees Cook <hidden> · 2019-01-08
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · James Morris <jmorris@namei.org> · 2019-01-08
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Casey Schaufler <casey@schaufler-ca.com> · 2019-01-08
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Kees Cook <hidden> · 2019-01-08
Re: [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock · Casey Schaufler <casey@schaufler-ca.com> · 2019-01-08

STALE2701d REVIEWED: 1 (0M)

Revisions (2)

2018-11-27 v5 current
2018-12-11 v5 [diff vs current]

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2018-11-27 10:40:10
Also in: linux-fsdevel, lkml
Subsystem: credentials, selinux security module, the rest · Maintainers: Paul Moore, Stephen Smalley, Linus Torvalds

The SELinux specific credential poisioning only makes sense
if SELinux is managing the credentials. As the intent of this
patch set is to move the blob management out of the modules
and into the infrastructure, the SELinux specific code has
to go. The poisioning could be introduced into the infrastructure
at some later date.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <redacted>
Signed-off-by: Kees Cook <redacted>
---
 kernel/cred.c            | 13 -------------
 security/selinux/hooks.c |  6 ------
 2 files changed, 19 deletions(-)

diff --git a/kernel/cred.c b/kernel/cred.c
index ecf03657e71c..fa2061ee4955 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c

@@ -704,19 +704,6 @@ bool creds_are_invalid(const struct cred *cred)
 {
 	if (cred->magic != CRED_MAGIC)
 		return true;
-#ifdef CONFIG_SECURITY_SELINUX
-	/*
-	 * cred->security == NULL if security_cred_alloc_blank() or
-	 * security_prepare_creds() returned an error.
-	 */
-	if (selinux_is_enabled() && cred->security) {
-		if ((unsigned long) cred->security < PAGE_SIZE)
-			return true;
-		if ((*(u32 *)cred->security & 0xffffff00) ==
-		    (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
-			return true;
-	}
-#endif
 	return false;
 }
 EXPORT_SYMBOL(creds_are_invalid);

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 24b6b459fa2a..41b230d459a6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c

@@ -3922,12 +3922,6 @@ static void selinux_cred_free(struct cred *cred)
 {
 	struct task_security_struct *tsec = selinux_cred(cred);
 
-	/*
-	 * cred->security == NULL if security_cred_alloc_blank() or
-	 * security_prepare_creds() returned an error.
-	 */
-	BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
-	cred->security = (void *) 0x7UL;
 	kfree(tsec);
 }

-- 
2.14.5

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help