Thread: 28 messages, 7 authors, 2020-07-16

Re: [PATCH 4/4] module: Add hook for security_kernel_post_read_file()

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2020-07-08 00:47:54
Also in: linux-fsdevel, linux-integrity, lkml

On Tue, 2020-07-07 at 01:19 -0700, Kees Cook wrote:
Calls to security_kernel_load_data() should be paired with a call to
security_kernel_post_read_file() with a NULL file argument. Add the
missing call so the module contents are visible to the LSMs interested
in measuring the module content. (This also paves the way for moving
module signature checking out of the module core and into an LSM.)

Cc: Jessica Yu <jeyu@kernel.org>
Fixes: c77b8cdf745d ("module: replace the existing LSM hook in init_module")
Signed-off-by: Kees Cook <redacted>
---
 kernel/module.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index 0c6573b98c36..af9679f8e5c6 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2980,7 +2980,12 @@ static int copy_module_from_user(const void __user *umod, unsigned long len,
 		return -EFAULT;
 	}
 
-	return 0;
+	err = security_kernel_post_read_file(NULL, (char *)info->hdr,
+					     info->len, READING_MODULE);
There was a lot of push back on calling security_kernel_read_file()
with a NULL file descriptor here.[1]  The result was defining a new
security hook - security_kernel_load_data - and enumeration -
LOADING_MODULE.  I would prefer calling the same pre and post security
hook.

Mimi

[1] http://kernsec.org/pipermail/linux-security-module-archive/2018-May/007110.html
+	if (err)
+		vfree(info->hdr);
+
+	return err;
 }
 
 static void free_copy(struct load_info *info)
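Review bot: the new `if (err) vfree(info->hdr);` duplicates the cleanup the -EFAULT branch just above already performs before its `return -EFAULT;`, so a single `out_free:` label taken by both failure paths would leave one copy of the unwind instead of two; whichever form stays, the commit message should state that copy_module_from_user() frees info->hdr on every failure, since the caller must then not free it again. Separately, the pre hook this is meant to pair with passes LOADING_MODULE (as the reply above notes) while this post hook passes READING_MODULE from a different enumeration, so an LSM that wants to correlate the two calls has only the NULL file argument and the enum name to go on; a sentence in the commit message spelling out that mapping would help the LSMs the change is aimed at.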
  
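The pairing the commit message describes (a pre hook that sees no bytes, then a post hook handed the whole buffer with a NULL file argument), together with Mimi's point that the pre hook became security_kernel_load_data() with its own LOADING_MODULE enumeration, as an added userspace model. This is example code written for this page, not kernel code and not any LSM's code: the hook names and the LOADING_MODULE/READING_MODULE values are stand-ins copied from the thread, the toy LSM (an FNV-1a measurement plus an ELF-magic check) is an assumption standing in for whatever an integrity LSM would actually do, and both input buffers are constructed here.

```c
/* Added model of the pre/post hook pairing discussed in the patch. Not
 * kernel code: hook names and enum values are stand-ins mirroring the
 * names used in the thread, the "LSM" is a toy that records an FNV-1a
 * measurement, and the sample buffers are constructed below. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum kernel_load_data_id { LOADING_MODULE = 1 };  /* stand-in: pre-hook enum */
enum kernel_read_file_id { READING_MODULE = 2 };  /* stand-in: post-hook enum */

struct load_info {
	void *hdr;
	size_t len;
};

/* Toy LSM state, filled in only by the post hook. */
static uint64_t last_measurement;
static int post_hook_calls;

static uint64_t fnv1a64(const unsigned char *p, size_t n)
{
	uint64_t h = 0xcbf29ce484222325ULL;
	for (size_t i = 0; i < n; i++) {
		h ^= p[i];
		h *= 0x100000001b3ULL;
	}
	return h;
}

/* Pre hook: runs before anything is copied in, so it can only answer a
 * policy question ("may a module be loaded at all?"); it never sees bytes. */
static int security_kernel_load_data(enum kernel_load_data_id id)
{
	return id == LOADING_MODULE ? 0 : -EPERM;
}

/* Post hook: file is NULL because the data came from memory, not a file.
 * Only here can an LSM measure or sanity-check the module contents. */
static int security_kernel_post_read_file(void *file, const char *buf,
					  size_t len, enum kernel_read_file_id id)
{
	if (file != NULL || id != READING_MODULE)
		return -EINVAL;
	if (len < 4 || memcmp(buf, "\x7f" "ELF", 4) != 0)
		return -ENOEXEC;
	last_measurement = fnv1a64((const unsigned char *)buf, len);
	post_hook_calls++;
	return 0;
}

/* Userspace stand-in for copy_module_from_user() with the patched control
 * flow; malloc/free replace __vmalloc/vfree, and hdr is NULLed on failure. */
static int copy_module_from_user(const void *umod, size_t len,
				 struct load_info *info)
{
	int err;

	info->hdr = NULL;
	info->len = len;
	err = security_kernel_load_data(LOADING_MODULE);
	if (err)
		return err;

	info->hdr = malloc(len);
	if (!info->hdr)
		return -ENOMEM;
	memcpy(info->hdr, umod, len);

	err = security_kernel_post_read_file(NULL, (char *)info->hdr,
					     info->len, READING_MODULE);
	if (err) {
		free(info->hdr);
		info->hdr = NULL;
	}
	return err;
}

/* Constructed inputs: a minimal ELF-looking header and plain garbage. */
static const unsigned char sample_module[] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0 };
static const unsigned char sample_garbage[] = "not an ELF object";

/* Loads buf through the model; *measurement is what the toy LSM recorded,
 * or 0 if the post hook rejected the contents before measuring them. */
int load_sample(const unsigned char *buf, size_t len, uint64_t *measurement)
{
	struct load_info info;
	int before = post_hook_calls;
	int err = copy_module_from_user(buf, len, &info);

	if (measurement)
		*measurement = (post_hook_calls > before) ? last_measurement : 0;
	free(info.hdr);
	return err;
}

int main(void)
{
	uint64_t m;
	int err = load_sample(sample_module, sizeof sample_module, &m);
	printf("module:  err=%d measurement=%016llx\n", err, (unsigned long long)m);
	err = load_sample(sample_garbage, sizeof sample_garbage - 1, &m);
	printf("garbage: err=%d (%s), measured: %s\n", err,
	       err == -ENOEXEC ? "ENOEXEC" : "?", m ? "yes" : "no");
	return 0;
}
```

The point the model makes concrete is the one the commit message relies on: the pre hook's signature carries no buffer, so an LSM that wants to measure or verify module bytes gets nothing to work with until the post hook runs, and when the post hook rejects the buffer the loader frees it and returns the hook's error exactly as the patched function does.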