Re: [PATCH] LSM: SafeSetID: add selftest

[PATCH] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2018-10-31
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · "Serge E. Hallyn" <serge@hallyn.com> · 2018-10-31
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2018-10-31
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2018-10-31
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · "Serge E. Hallyn" <serge@hallyn.com> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · "Serge E. Hallyn" <serge@hallyn.com> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · "Serge E. Hallyn" <serge@hallyn.com> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-01
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-02
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-02
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-02
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · "Serge E. Hallyn" <serge@hallyn.com> · 2018-11-02
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-02
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · "Serge E. Hallyn" <serge@hallyn.com> · 2018-11-02
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-08
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2018-11-08
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-09
[PATCH] LSM: generalize flag passing to security_capable · mortonm@chromium.org · 2018-11-09
[PATCH] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2018-11-21
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2018-12-06
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-12-06
[PATCH v2] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2019-01-11
Re: [PATCH v2] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2019-01-15
[PATCH v3 1/2] LSM: mark all set*uid call sites in kernel/sys.c · mortonm@chromium.org · 2019-01-15
Re: [PATCH v3 1/2] LSM: mark all set*uid call sites in kernel/sys.c · Kees Cook <hidden> · 2019-01-15
[PATCH v3 2/2] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2019-01-15
Re: [PATCH v3 2/2] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2019-01-15
[PATCH v4 2/2] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2019-01-15
Re: [PATCH v4 2/2] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2019-01-15
[PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2019-01-16
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Casey Schaufler <casey@schaufler-ca.com> · 2019-01-16
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-22
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · James Morris <jmorris@namei.org> · 2019-01-22
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-22
[PATCH v3 1/2] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2019-01-22
Re: [PATCH v3 1/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-25
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · James Morris <jmorris@namei.org> · 2019-01-25
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-25
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-28
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2019-01-28
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · James Morris <jmorris@namei.org> · 2019-01-28
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-28
[PATCH] LSM: Add 'name' field for SafeSetID in DEFINE_LSM · mortonm@chromium.org · 2019-01-28
Re: [PATCH] LSM: Add 'name' field for SafeSetID in DEFINE_LSM · James Morris <jmorris@namei.org> · 2019-01-28
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-28
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · James Morris <jmorris@namei.org> · 2019-01-29
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-29
Re: [PATCH v5 2/2] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2019-01-30
[PATCH] LSM: SafeSetID: add selftest · mortonm@chromium.org · 2019-02-06
RE: [PATCH] LSM: SafeSetID: add selftest · Edwin Zimmerman <hidden> · 2019-02-06
Re: [PATCH] LSM: SafeSetID: add selftest · Micah Morton <mortonm@chromium.org> · 2019-02-07
Re: [PATCH] LSM: SafeSetID: add selftest · James Morris <jmorris@namei.org> · 2019-02-12
Re: [PATCH v3 2/2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-15
Re: [PATCH v2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-15
Re: [PATCH v2] LSM: add SafeSetID module that gates setid calls · Kees Cook <hidden> · 2019-01-15
Re: [PATCH v2] LSM: add SafeSetID module that gates setid calls · James Morris <jmorris@namei.org> · 2019-01-15
Re: [PATCH v2] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2019-01-15
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-02
[PATCH v2] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2018-11-06
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · James Morris <jmorris@namei.org> · 2018-11-06
[PATCH v3] LSM: add SafeSetID module that gates setid calls · mortonm@chromium.org · 2018-11-06
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Stephen Smalley <hidden> · 2018-11-02
Re: [PATCH] LSM: add SafeSetID module that gates setid calls · Micah Morton <mortonm@chromium.org> · 2018-11-02
[PATCH] [PATCH] LSM: generalize flag passing to security_capable · mortonm@chromium.org · 2018-11-19
Re: [PATCH] [PATCH] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2018-12-13
Re: [PATCH] [PATCH] LSM: generalize flag passing to security_capable · Casey Schaufler <casey@schaufler-ca.com> · 2018-12-13
Re: [PATCH] [PATCH] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2018-12-14
[PATCH v2] LSM: generalize flag passing to security_capable · mortonm@chromium.org · 2018-12-18
Re: [PATCH v2] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2019-01-07
Re: [PATCH v2] LSM: generalize flag passing to security_capable · Casey Schaufler <casey@schaufler-ca.com> · 2019-01-07
Re: [PATCH v2] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2019-01-07
Re: [PATCH v2] LSM: generalize flag passing to security_capable · Casey Schaufler <casey@schaufler-ca.com> · 2019-01-07
Re: [PATCH v2] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2019-01-07
[PATCH v3] LSM: generalize flag passing to security_capable · mortonm@chromium.org · 2019-01-07
Re: [PATCH v2] LSM: generalize flag passing to security_capable · Kees Cook <hidden> · 2019-01-07
[PATCH v4] LSM: generalize flag passing to security_capable · mortonm@chromium.org · 2019-01-08
Re: [PATCH v4] LSM: generalize flag passing to security_capable · Kees Cook <hidden> · 2019-01-08
Re: [PATCH v4] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2019-01-09
Re: [PATCH v4] LSM: generalize flag passing to security_capable · James Morris <jmorris@namei.org> · 2019-01-10
Re: [PATCH v4] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2019-01-10
Re: [PATCH v2] LSM: generalize flag passing to security_capable · Micah Morton <mortonm@chromium.org> · 2019-01-08

From: Micah Morton <mortonm@chromium.org>
Date: 2019-02-07 21:55:09

Yeah, that would be simple, although maybe someone is counting on
those users to exist later. We could create special users on the
system for the purpose of this test that didn't exist before the test
(and delete them afterward), but then there are other setup/cleanup
questions, like:

- Do we unmount securityfs after the test? What if something was
counting on it being mounted or not mounted?
- Do we flush the SafeSetID LSM policies after the test? Note that the
LSM doesn't currently have the functionality to flush individual
policies, so what happens if something was counting on certain
policies (for other users) being configured for the LSM and we flush
those after running our test?

These questions were the reason I was hoping to get more info on the
kind of environment in which these selftests run. If the norm is to
boot up a VM, run one of these tests, then reboot/shutdown, most of
these questions don't need to be answered (we would still probably
want to fix user creation/deletion since that is persistent across
reboots).

On Wed, Feb 6, 2019 at 11:26 AM Edwin Zimmerman [off-list ref] wrote:

quoted

On Wednesday, February 06, 2019 2:03 PM Micah Morton wrote:

quoted

This patch adds a selftest for the SafeSetID LSM. The test requires
mounting securityfs if it isn't mounted, creating test users in
/etc/passwd, and configuring policies for the SafeSetID LSM through
writes to securityfs.

Signed-off-by: Micah Morton <mortonm@chromium.org>
---
This test is reasonably robust for demonstrating the functionality of
the LSM, but is no masterpiece by any means. I'm not totally sure how
these tests are used. Are they incorporated into testing frameworks for
the Linux kernel that are run regularly or just PoC binaries that sit in
this directory more or less as documentation? If its the former, this
code probably needs some more cleanup and better organization. Beyond
coding style, the test doesn't bother to clean up users that were added
in /etc/passwd for testing purposes nor flushes policies that were
configured for the LSM relating to those users. Should it?

No good reason to leave the users, so I would suggest cleaning them up.
All it would take would be several deluser commands
in safesetid-test.sh.  Very simple.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help