From patchwork Tue Nov 21 18:26:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Salvatore Mesoraca X-Patchwork-Id: 10068723 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EA5116022E for ; Tue, 21 Nov 2017 18:28:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DDFEA298B7 for ; Tue, 21 Nov 2017 18:28:59 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D2F14298B9; Tue, 21 Nov 2017 18:28:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, GAPPY_SUBJECT, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C9886298B7 for ; Tue, 21 Nov 2017 18:28:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751317AbdKUS2m (ORCPT ); Tue, 21 Nov 2017 13:28:42 -0500 Received: from mail-wr0-f195.google.com ([209.85.128.195]:39653 "EHLO mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751339AbdKUS0k (ORCPT ); Tue, 21 Nov 2017 13:26:40 -0500 Received: by mail-wr0-f195.google.com with SMTP id 11so8829879wrb.6; Tue, 21 Nov 2017 10:26:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1k8GjGD33yaluYmT/S6/EQmjiz7pLeExd4KDW8M72GU=; b=ApVoZOMVYpfO9nYk9CqNLi20fDUtfF0uoAdRWB4IHAX1V4AXhplFnmWJgVglMfvawy KEffrmaLiLyxYA8s3BbUyAAwnTl/43XNtsHDi3zeUO5inkHpogUy8mwaAZhrw+seXmLr PdJTPntqSUrbeJVAGr+O1fTn8k07MuC9eSLxgF/toG6rRHn4ntEvfsKvgJsI8TxZzWqv B+MsRkvpIAA0UJDMJx1/u6v9/vsUu+z3EaKWs5ntubzkueoXKScQZzgvF8i7ECh51Jkj jSnwMgtANK0vpvwbBtaqnVcyXXe5CPqmu1VutryWQXbQQwOpy5QSFw0m4SFp8dy9oa4g 2FRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1k8GjGD33yaluYmT/S6/EQmjiz7pLeExd4KDW8M72GU=; b=cczHKRn6CVgJj0onDjbdelFddnx3bryHReW4RhhFOhWC9myygHKpy4Agk6rYvxj8LG r/zrv/3kGpuGahO7oFyTryPDh/p73aOVXXiAvIKUwvdssAxQ2lM3/CWLhmpHHZ73IRem BkF52Nnh980mlvr7+pH98sZw5Y+J5qGuoNEpLw+xV+EiyuwrF+3lqmEtf72Fp1eEa4fn Xpztw9f6YNEx0Pc/yqO+K8HbISmWBfgWV6eJyG7MP4tC+2q9gmozv+PJM2LYmNMJZEMo dPue66jzsU8eFZTnDPf5bcZ3n8E7a4C/UZ9NCDvjK1HV/tcFgDlmVZybiBI/NlwWM1sb 5ezQ== X-Gm-Message-State: AJaThX7mErZ/y+AOERXrJGtGXZrACqrjmD1kEj8IY/0f53cj+SXczwcH 7BBE2xrAEF6DDJFoZh9HKargGDxalwE= X-Google-Smtp-Source: AGs4zMZ3Rnmoh3bJ4TrikzkXGXHvqWfXvJUcY5xpYX2bpM9EbNElYw0UEjjAfqgrDznvfFZPZMMHxw== X-Received: by 10.223.132.194 with SMTP id 60mr16113321wrg.249.1511288798839; Tue, 21 Nov 2017 10:26:38 -0800 (PST) Received: from localhost ([37.180.48.100]) by smtp.gmail.com with ESMTPSA id n143sm3533217wmd.31.2017.11.21.10.26.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 21 Nov 2017 10:26:38 -0800 (PST) From: Salvatore Mesoraca To: linux-kernel@vger.kernel.org Cc: linux-security-module@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, Salvatore Mesoraca , Alexander Viro , Brad Spengler , Casey Schaufler , Christoph Hellwig , James Morris , Jann Horn , Kees Cook , PaX Team , Thomas Gleixner , "Serge E. Hallyn" Subject: [RFC v4 04/10] S.A.R.A. cred blob management Date: Tue, 21 Nov 2017 19:26:06 +0100 Message-Id: <1511288772-19308-5-git-send-email-s.mesoraca16@gmail.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1511288772-19308-1-git-send-email-s.mesoraca16@gmail.com> References: <1511288772-19308-1-git-send-email-s.mesoraca16@gmail.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Creation of the S.A.R.A. cred blob management "API". In order to allow S.A.R.A. to be stackable with other LSMs, it doesn't use the "security" field of struct cred, instead it uses an ad hoc field named security_sara. This solution is probably not acceptable for upstream, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca --- include/linux/cred.h | 3 ++ security/sara/Makefile | 2 +- security/sara/include/sara_data.h | 55 +++++++++++++++++++++++++++ security/sara/main.c | 6 +++ security/sara/sara_data.c | 79 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 security/sara/include/sara_data.h create mode 100644 security/sara/sara_data.c diff --git a/include/linux/cred.h b/include/linux/cred.h index 099058e..b65b666 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -141,6 +141,9 @@ struct cred { #ifdef CONFIG_SECURITY void *security; /* subjective LSM security */ #endif +#ifdef CONFIG_SECURITY_SARA + void *security_sara; +#endif struct user_struct *user; /* real user ID subscription */ struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ struct group_info *group_info; /* supplementary groups for euid/fsgid */ diff --git a/security/sara/Makefile b/security/sara/Makefile index 8acd291..14bf7a8 100644 --- a/security/sara/Makefile +++ b/security/sara/Makefile @@ -1,3 +1,3 @@ obj-$(CONFIG_SECURITY_SARA) := sara.o -sara-y := main.o securityfs.o utils.o +sara-y := main.o securityfs.o utils.o sara_data.o diff --git a/security/sara/include/sara_data.h b/security/sara/include/sara_data.h new file mode 100644 index 0000000..248f57b --- /dev/null +++ b/security/sara/include/sara_data.h @@ -0,0 +1,55 @@ +/* + * S.A.R.A. Linux Security Module + * + * Copyright (C) 2017 Salvatore Mesoraca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + */ + +#ifndef __SARA_DATA_H +#define __SARA_DATA_H + +#include + +int sara_data_init(void) __init; + +#ifdef CONFIG_SECURITY_SARA_WXPROT + +struct sara_data { + unsigned long relro_page; + struct file *relro_file; + u16 wxp_flags; + u16 execve_flags; + bool relro_page_found; + bool mmap_blocked; +}; + +#define get_sara_data_leftvalue(X) ((X)->security_sara) +#define get_sara_data(X) ((struct sara_data *) (X)->security_sara) +#define get_current_sara_data() get_sara_data(current_cred()) + +#define get_sara_wxp_flags(X) (get_sara_data((X))->wxp_flags) +#define get_current_sara_wxp_flags() get_sara_wxp_flags(current_cred()) + +#define get_sara_execve_flags(X) (get_sara_data((X))->execve_flags) +#define get_current_sara_execve_flags() get_sara_execve_flags(current_cred()) + +#define get_sara_relro_page(X) (get_sara_data((X))->relro_page) +#define get_current_sara_relro_page() get_sara_relro_page(current_cred()) + +#define get_sara_relro_file(X) (get_sara_data((X))->relro_file) +#define get_current_sara_relro_file() get_sara_relro_file(current_cred()) + +#define get_sara_relro_page_found(X) (get_sara_data((X))->relro_page_found) +#define get_current_sara_relro_page_found() \ + get_sara_relro_page_found(current_cred()) + +#define get_sara_mmap_blocked(X) (get_sara_data((X))->mmap_blocked) +#define get_current_sara_mmap_blocked() get_sara_mmap_blocked(current_cred()) + +#endif + +#endif /* __SARA_H */ diff --git a/security/sara/main.c b/security/sara/main.c index aaddd32..0fc1761 100644 --- a/security/sara/main.c +++ b/security/sara/main.c @@ -15,6 +15,7 @@ #include #include "include/sara.h" +#include "include/sara_data.h" #include "include/securityfs.h" static const int sara_version = SARA_VERSION; @@ -90,6 +91,11 @@ void __init sara_init(void) goto error; } + if (sara_data_init()) { + pr_crit("impossible to initialize creds.\n"); + goto error; + } + pr_debug("initialized.\n"); if (sara_enabled) diff --git a/security/sara/sara_data.c b/security/sara/sara_data.c new file mode 100644 index 0000000..8f11cd1 --- /dev/null +++ b/security/sara/sara_data.c @@ -0,0 +1,79 @@ +/* + * S.A.R.A. Linux Security Module + * + * Copyright (C) 2017 Salvatore Mesoraca + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + */ + +#include "include/sara_data.h" + +#ifdef CONFIG_SECURITY_SARA_WXPROT +#include +#include +#include + +static int sara_cred_alloc_blank(struct cred *cred, gfp_t gfp) +{ + struct sara_data *d; + + d = kzalloc(sizeof(*d), gfp); + if (d == NULL) + return -ENOMEM; + get_sara_data_leftvalue(cred) = d; + return 0; +} + +static void sara_cred_free(struct cred *cred) +{ + struct sara_data *d; + + d = get_sara_data(cred); + if (d != NULL) { + kfree(d); + get_sara_data_leftvalue(cred) = NULL; + } +} + +static int sara_cred_prepare(struct cred *new, const struct cred *old, + gfp_t gfp) +{ + struct sara_data *d; + + d = kmemdup(get_sara_data(old), sizeof(*d), gfp); + if (d == NULL) + return -ENOMEM; + get_sara_data_leftvalue(new) = d; + return 0; +} + +static void sara_cred_transfer(struct cred *new, const struct cred *old) +{ + *get_sara_data(new) = *get_sara_data(old); +} + +static struct security_hook_list data_hooks[] __ro_after_init = { + LSM_HOOK_INIT(cred_alloc_blank, sara_cred_alloc_blank), + LSM_HOOK_INIT(cred_free, sara_cred_free), + LSM_HOOK_INIT(cred_prepare, sara_cred_prepare), + LSM_HOOK_INIT(cred_transfer, sara_cred_transfer), +}; + +int __init sara_data_init(void) +{ + security_add_hooks(data_hooks, ARRAY_SIZE(data_hooks), "sara"); + return sara_cred_alloc_blank((struct cred *) current->real_cred, + GFP_KERNEL); +} + +#else /* CONFIG_SECURITY_SARA_WXPROT */ + +int __init sara_data_init(void) +{ + return 0; +} + +#endif