Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls
From: Micah Morton <mortonm@chromium.org>
Date: 2019-01-28 19:47:23
I'm getting the following crash when booting after compiling a kernel with this LSM enabled, so I'll have to figure out what is going on. All the "core" functionality of this LSM has been tested thoroughly (we're already using this LSM on ChromeOS), but it looks like there's some debugging of the initialization that still needs to be done.

[ 0.174285] LSM: Security Framework initializing
[ 0.175277] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 0.176272] #PF error: [normal kernel read fault]
[ 0.176272] PGD 0 P4D 0
[ 0.176272] Oops: 0000 [#1] SMP PTI
[ 0.176272] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.0.0-rc3+ #5
[ 0.176272] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 0.176272] RIP: 0010:strcmp+0x4/0x20
[ 0.176272] Code: 09 48 83 c2 01 80 3a 00 75 f7 48 83 c6 01 0f b6 4e ff 48 83 c2 01 84 c9 88 4a ff 75 ed f3 c3 0f 1f 80 00 00 00 00 48 83 c7 01 <0f> b6 47 ff 48 83 c6 01 3a 46 ff 75 07 84 c0 75 eb 31 c0 c3 19 c0
[ 0.176272] RSP: 0000:ffffffff88a03eb0 EFLAGS: 00010202
[ 0.176272] RAX: 00000000ffffffff RBX: ffffffff89079bb0 RCX: 0000000000000000
[ 0.176272] RDX: ffffa3f087411ec5 RSI: ffffa3f087411ec0 RDI: 0000000000000001
[ 0.176272] RBP: ffffffff88815d93 R08: 000000000000002c R09: ffffa3f087411ec4
[ 0.176272] R10: 000000000000002c R11: 00726f6d72617070 R12: ffffa3f087411ec0
[ 0.176272] R13: ffffa3f087411ec0 R14: 0000000000000000 R15: 0000000000000000
[ 0.176272] FS: 0000000000000000(0000) GS:ffffa3f087800000(0000) knlGS:0000000000000000
[ 0.176272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.176272] CR2: 0000000000000000 CR3: 0000000005c0e000 CR4: 00000000000006b0
[ 0.176272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.176272] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 0.176272] Call Trace:
[ 0.176272]  ordered_lsm_parse+0x112/0x20b
[ 0.176272]  security_init+0x9b/0x3ab
[ 0.176272]  start_kernel+0x413/0x479
[ 0.176272]  secondary_startup_64+0xa4/0xb0
[ 0.176272] Modules linked in:
[ 0.176272] CR2: 0000000000000000
[ 0.176272] ---[ end trace f2a8342a377681d5 ]---
[ 0.176272] RIP: 0010:strcmp+0x4/0x20
[ 0.176272] Code: 09 48 83 c2 01 80 3a 00 75 f7 48 83 c6 01 0f b6 4e ff 48 83 c2 01 84 c9 88 4a ff 75 ed f3 c3 0f 1f 80 00 00 00 00 48 83 c7 01 <0f> b6 47 ff 48 83 c6 01 3a 46 ff 75 07 84 c0 75 eb 31 c0 c3 19 c0
[ 0.176272] RSP: 0000:ffffffff88a03eb0 EFLAGS: 00010202
[ 0.176272] RAX: 00000000ffffffff RBX: ffffffff89079bb0 RCX: 0000000000000000
[ 0.176272] RDX: ffffa3f087411ec5 RSI: ffffa3f087411ec0 RDI: 0000000000000001
[ 0.176272] RBP: ffffffff88815d93 R08: 000000000000002c R09: ffffa3f087411ec4
[ 0.176272] R10: 000000000000002c R11: 00726f6d72617070 R12: ffffa3f087411ec0
[ 0.176272] R13: ffffa3f087411ec0 R14: 0000000000000000 R15: 0000000000000000
[ 0.176272] FS: 0000000000000000(0000) GS:ffffa3f087800000(0000) knlGS:0000000000000000
[ 0.176272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.176272] CR2: 0000000000000000 CR3: 0000000005c0e000 CR4: 00000000000006b0
[ 0.176272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.176272] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 0.176272] Kernel panic - not syncing: Attempted to kill the idle task!
[ 0.176272] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---

On Fri, Jan 25, 2019 at 1:06 PM Micah Morton [off-list ref] wrote:
> Thanks!
>
> On Fri, Jan 25, 2019 at 12:15 PM James Morris [off-list ref] wrote:
>> On Wed, 16 Jan 2019, mortonm@chromium.org wrote:
>>> From: Micah Morton <mortonm@chromium.org>
>>>
>>> SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings.
>>>
>>> For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set.
>>>
>>> Signed-off-by: Micah Morton <mortonm@chromium.org>
>>> Acked-by: Kees Cook <redacted>
>>
>> Both applied to
>> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general
>>
>> --
>> James Morris
>> [off-list ref]
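The commit message quoted above describes two rules: a restricted UID may only transition to children on a system-wide whitelist, and a restricted UID is denied the auxiliary uses of CAP_SETUID (such as writing user-namespace UID maps) that would otherwise let it step around the whitelist. The userspace model below is an added example written for this page, not the SafeSetID module's kernel code; the "parent:child" one-rule-per-line policy format, the global rule table, and the treatment of unrestricted UIDs as "pass through to normal DAC/capability checks" are assumptions made for the example.

```c
/* Userspace model of a SafeSetID-style set*uid whitelist.
 * Added example, not the module's kernel code. The "parent:child" policy
 * line format and the "unrestricted UIDs pass through" rule are
 * assumptions made for this example. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RULES 64

struct uid_rule {
    unsigned int parent; /* UID making the set*uid call */
    unsigned int child;  /* UID it is allowed to become */
};

/* Global policy, standing in for the module's kernel-side table. */
static struct uid_rule g_rules[MAX_RULES];
static size_t g_rule_count;

/* Parse one "parent:child" line. Returns false on malformed input. */
static bool parse_rule(const char *line, struct uid_rule *rule)
{
    char *end;
    unsigned long p, c;

    if (!isdigit((unsigned char)line[0]))
        return false;
    p = strtoul(line, &end, 10);
    if (*end != ':' || !isdigit((unsigned char)end[1]))
        return false;
    c = strtoul(end + 1, &end, 10);
    if (*end != '\0')
        return false;
    rule->parent = (unsigned int)p;
    rule->child = (unsigned int)c;
    return true;
}

/* Load a newline-separated policy text, replacing any previous policy.
 * Returns the number of rules loaded, or -1 if any line is malformed, in
 * which case the whole policy is rejected rather than partially applied. */
int load_policy(const char *text)
{
    struct uid_rule tmp[MAX_RULES];
    size_t count = 0;
    char buf[64];

    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);

        if (len >= sizeof(buf))
            return -1;
        memcpy(buf, text, len);
        buf[len] = '\0';
        if (len > 0) {
            if (count >= MAX_RULES || !parse_rule(buf, &tmp[count]))
                return -1;
            count++;
        }
        text += len + (nl ? 1 : 0);
    }
    memcpy(g_rules, tmp, count * sizeof(tmp[0]));
    g_rule_count = count;
    return (int)count;
}

/* A UID is "restricted" once it appears as a parent in any rule. */
bool uid_is_restricted(unsigned int uid)
{
    for (size_t i = 0; i < g_rule_count; i++)
        if (g_rules[i].parent == uid)
            return true;
    return false;
}

/* Gate for a set*uid call from `parent` to `child`. Restricted parents may
 * only reach whitelisted children; staying at the same UID is not a
 * transition. Unrestricted parents fall through to the kernel's normal
 * DAC/capability checks, modelled here as "allowed". */
bool transition_allowed(unsigned int parent, unsigned int child)
{
    if (parent == child || !uid_is_restricted(parent))
        return true;
    for (size_t i = 0; i < g_rule_count; i++)
        if (g_rules[i].parent == parent && g_rules[i].child == child)
            return true;
    return false;
}

/* Auxiliary uses of CAP_SETUID (e.g. writing a user-namespace uid_map)
 * are denied outright for restricted UIDs. */
bool aux_setuid_cap_allowed(unsigned int uid)
{
    return !uid_is_restricted(uid);
}

/* Constructed sample policy: UID 1000 may only become 1001 or 1002. */
static const char SAMPLE_POLICY[] = "1000:1001\n1000:1002\n2000:2001\n";

int main(void)
{
    if (load_policy(SAMPLE_POLICY) < 0)
        return 1;
    printf("1000 -> 1001: %s\n", transition_allowed(1000, 1001) ? "allowed" : "denied");
    printf("1000 -> 0:    %s\n", transition_allowed(1000, 0) ? "allowed" : "denied");
    printf("3000 -> 0:    %s (unrestricted; DAC/caps decide)\n",
           transition_allowed(3000, 0) ? "allowed" : "denied");
    return 0;
}
```

The policy is replaced atomically (a single malformed line rejects the whole load and leaves the previous rules in place), since a half-applied whitelist is a weaker one than either the old or the intended policy.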