From patchwork Thu Jun 15 16:42:51 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Salvatore Mesoraca X-Patchwork-Id: 9789341 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8B87A60384 for ; Thu, 15 Jun 2017 16:45:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E4F027528 for ; Thu, 15 Jun 2017 16:45:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 72DC427F17; Thu, 15 Jun 2017 16:45:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, GAPPY_SUBJECT, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 576E627528 for ; Thu, 15 Jun 2017 16:45:32 +0000 (UTC) Received: (qmail 27840 invoked by uid 550); 15 Jun 2017 16:45:00 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 24548 invoked from network); 15 Jun 2017 16:44:46 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=dh5YnBsTtbhgnG/sDb9N1Q3ypaP6zoC6IK2isC1DLTE=; b=e3rFl6WNYEt51ZwpTpHFo+wtiy8RQGPp3kvjgerdyXX4ooGm6ZFttHIigTjeN99eK0 lgJBQpT1N5/mKlt/kGmdejDiWdtkUCLJTPg9Pn6DwYMDW1ayt7LBL14HUWyDebuXHnWg UMAA1ejgbzlNQRF6yhxVofG2w4os7E3B4ZB3iSVf5RDOWGWxHtpdGfRN3epH36hHT6OU sJTUuBMmnFhYiQ2ht0o0C1DN2ZF9IbFhBdUf+AURXP++cu7YT53N5XoA1TdbyPixffgC 30LwdeDqZksYnXL2oNmKSAXDl9ShmCxyAtKHcJRLyynEfmbuXW2QB34LBw/Z2+dcgFV5 QYYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=dh5YnBsTtbhgnG/sDb9N1Q3ypaP6zoC6IK2isC1DLTE=; b=gYWHCd/shbN0x2GZqUMBL7WhWZlBHvPk27RfBtEs66h/Byrbc1ySSHKP5StSM1Jhfw L7DWgJukKMenuNXWQ8pV1hZPaUaEz14DfH4Yse5mCM+sHLMxX4zbD28nOb8sWDA2PK/G MMPcho3ndSWvMrP8IggnYFqhKAf7ZHLwVcz0pmD2+yVTuR44wmesAqCTay0diSTYFue7 w9Qh3Eb48WqXhqVKXB70S1DcwvImZO06Wkv5G8/Ck/N3G3sXV/EWYmmH4AqLncZOvZao kNfW2KoC7StT1XMzaJSI4XR+y53u+ZAhSDCbmUBTjeDvohoITTWrkPYWHBkGPy2mjPuF OnpQ== X-Gm-Message-State: AKS2vOyIkS8JyJX2YO4WqZEBFD9dU81sgDFCOAcpJGfNNxyO3QRo+nG5 MAqBjLQp8DibLw== X-Received: by 10.28.111.14 with SMTP id k14mr4336743wmc.94.1497545074707; Thu, 15 Jun 2017 09:44:34 -0700 (PDT) From: Salvatore Mesoraca To: linux-kernel@vger.kernel.org Cc: linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com, Salvatore Mesoraca , Brad Spengler , PaX Team , Casey Schaufler , Kees Cook , James Morris , "Serge E. Hallyn" , linux-mm@kvack.org, x86@kernel.org, Jann Horn , Christoph Hellwig , Thomas Gleixner Date: Thu, 15 Jun 2017 18:42:51 +0200 Message-Id: <1497544976-7856-5-git-send-email-s.mesoraca16@gmail.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1497544976-7856-1-git-send-email-s.mesoraca16@gmail.com> References: <1497544976-7856-1-git-send-email-s.mesoraca16@gmail.com> Subject: [kernel-hardening] [RFC v2 4/9] S.A.R.A. cred blob management X-Virus-Scanned: ClamAV using ClamSMTP Creation of the S.A.R.A. cred blob management "API". In order to allow S.A.R.A. to be stackable with other LSMs, it doesn't use the "security" field of struct cred, instead it uses an ad hoc field named security_sara. This solution is probably not acceptable for upstream, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca --- include/linux/cred.h | 3 ++ security/sara/Makefile | 2 +- security/sara/include/sara_data.h | 47 +++++++++++++++++++++++ security/sara/main.c | 6 +++ security/sara/sara_data.c | 79 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 security/sara/include/sara_data.h create mode 100644 security/sara/sara_data.c diff --git a/include/linux/cred.h b/include/linux/cred.h index b03e7d0..007feb5 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -141,6 +141,9 @@ struct cred { #ifdef CONFIG_SECURITY void *security; /* subjective LSM security */ #endif +#ifdef CONFIG_SECURITY_SARA + void *security_sara; +#endif struct user_struct *user; /* real user ID subscription */ struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ struct group_info *group_info; /* supplementary groups for euid/fsgid */ diff --git a/security/sara/Makefile b/security/sara/Makefile index 8acd291..14bf7a8 100644 --- a/security/sara/Makefile +++ b/security/sara/Makefile @@ -1,3 +1,3 @@ obj-$(CONFIG_SECURITY_SARA) := sara.o -sara-y := main.o securityfs.o utils.o +sara-y := main.o securityfs.o utils.o sara_data.o diff --git a/security/sara/include/sara_data.h b/security/sara/include/sara_data.h new file mode 100644 index 0000000..7ed04fd --- /dev/null +++ b/security/sara/include/sara_data.h @@ -0,0 +1,47 @@ +/* + * S.A.R.A. Linux Security Module + * + * Copyright (C) 2017 Salvatore Mesoraca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + */ + +#ifndef __SARA_DATA_H +#define __SARA_DATA_H + +#include + +int sara_data_init(void) __init; + +#ifdef CONFIG_SECURITY_SARA_WXPROT + +struct sara_data { + unsigned long relro_page; + u16 wxp_flags; + bool relro_page_found; + bool mmap_blocked; +}; + +#define get_sara_data_leftvalue(X) ((X)->security_sara) +#define get_sara_data(X) ((struct sara_data *) (X)->security_sara) +#define get_current_sara_data() get_sara_data(current_cred()) + +#define get_sara_wxp_flags(X) (get_sara_data((X))->wxp_flags) +#define get_current_sara_wxp_flags() get_sara_wxp_flags(current_cred()) + +#define get_sara_relro_page(X) (get_sara_data((X))->relro_page) +#define get_current_sara_relro_page() get_sara_relro_page(current_cred()) + +#define get_sara_relro_page_found(X) (get_sara_data((X))->relro_page_found) +#define get_current_sara_relro_page_found() \ + get_sara_relro_page_found(current_cred()) + +#define get_sara_mmap_blocked(X) (get_sara_data((X))->mmap_blocked) +#define get_current_sara_mmap_blocked() get_sara_mmap_blocked(current_cred()) + +#endif + +#endif /* __SARA_H */ diff --git a/security/sara/main.c b/security/sara/main.c index 2007735..644ff6d 100644 --- a/security/sara/main.c +++ b/security/sara/main.c @@ -14,6 +14,7 @@ #include #include "include/sara.h" +#include "include/sara_data.h" #include "include/securityfs.h" static const int sara_version = SARA_VERSION; @@ -80,6 +81,11 @@ void __init sara_init(void) goto error; } + if (sara_data_init()) { + pr_crit("impossible to initialize creds.\n"); + goto error; + } + pr_debug("initialized.\n"); if (sara_enabled) diff --git a/security/sara/sara_data.c b/security/sara/sara_data.c new file mode 100644 index 0000000..8f11cd1 --- /dev/null +++ b/security/sara/sara_data.c @@ -0,0 +1,79 @@ +/* + * S.A.R.A. Linux Security Module + * + * Copyright (C) 2017 Salvatore Mesoraca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + */ + +#include "include/sara_data.h" + +#ifdef CONFIG_SECURITY_SARA_WXPROT +#include +#include +#include + +static int sara_cred_alloc_blank(struct cred *cred, gfp_t gfp) +{ + struct sara_data *d; + + d = kzalloc(sizeof(*d), gfp); + if (d == NULL) + return -ENOMEM; + get_sara_data_leftvalue(cred) = d; + return 0; +} + +static void sara_cred_free(struct cred *cred) +{ + struct sara_data *d; + + d = get_sara_data(cred); + if (d != NULL) { + kfree(d); + get_sara_data_leftvalue(cred) = NULL; + } +} + +static int sara_cred_prepare(struct cred *new, const struct cred *old, + gfp_t gfp) +{ + struct sara_data *d; + + d = kmemdup(get_sara_data(old), sizeof(*d), gfp); + if (d == NULL) + return -ENOMEM; + get_sara_data_leftvalue(new) = d; + return 0; +} + +static void sara_cred_transfer(struct cred *new, const struct cred *old) +{ + *get_sara_data(new) = *get_sara_data(old); +} + +static struct security_hook_list data_hooks[] __ro_after_init = { + LSM_HOOK_INIT(cred_alloc_blank, sara_cred_alloc_blank), + LSM_HOOK_INIT(cred_free, sara_cred_free), + LSM_HOOK_INIT(cred_prepare, sara_cred_prepare), + LSM_HOOK_INIT(cred_transfer, sara_cred_transfer), +}; + +int __init sara_data_init(void) +{ + security_add_hooks(data_hooks, ARRAY_SIZE(data_hooks), "sara"); + return sara_cred_alloc_blank((struct cred *) current->real_cred, + GFP_KERNEL); +} + +#else /* CONFIG_SECURITY_SARA_WXPROT */ + +int __init sara_data_init(void) +{ + return 0; +} + +#endif