From patchwork Sat Sep 22 00:17:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10612355 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 237A414BD for ; Mon, 24 Sep 2018 12:29:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0DCD729EA4 for ; Mon, 24 Sep 2018 12:29:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 01C3829EA9; Mon, 24 Sep 2018 12:29:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil [214.24.24.82]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id DD4B229EA4 for ; Mon, 24 Sep 2018 12:29:37 +0000 (UTC) X-EEMSG-check-008: 772125125|UCOL19PA09_EEMSG_MP7.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="772125125" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa09.eemsg.mail.mil with ESMTP; 24 Sep 2018 12:29:32 +0000 X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="18575189" IronPort-PHdr: 9a23:agvguBNSTcKH2lfjLvEl6mtUPXoX/o7sNwtQ0KIMzox0L/v4pcbcNUDSrc9gkEXOFd2Cra4c1KyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhjexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qiqp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzca3HfdMeWGFPQMBfWSJcCY+4docDEvYNMeNeoob6pVQBtxu+BQ6rBO/20zNFmnH70Kwn3+g4DQ3KwRErE9YQvHjIqdn4MroZX+Kow6nS1TjNcf1W1zf+5obGfB8urvODU69occfT1EUiGR/KgFqOpoz+JD6VyuYAvnKH4+Z8W++jlWgqoBxxrDi1wccsj5HEi5wPxVDf6yp4wJs+K8CkR057e9GkDZVQtyWEOItsX8gvRH1ntzwhyrIYuZ+2ZzMKx4gnxxHFdvyHfYyI7Qz5VOqIPTh3nmhpd664hxa36EWtzPD3WMqs0FtSsyZIndbBumoN2hDO8MSLVPRw8lm71TqSzwze6+NJLVopmafaL5Mt2L89m5oJvUjdACP7l0P7h7KMeEo+4Oin8eHnb63jpp+bKoB7lBnzMr8rmsyjGeQ4NRUOX3SD9eS8yrLj+Ur5Ta1WjvIsiKnZsY3aJd8Bqq6lAw5azoYj6xGlAzegzNsYhmUIIEhAeBKGi4jlI1DOIPbmAvejm1mgjThmyv/cMrDhH5nBNGbPnbj/cbpn9kJQ0A8zwspe55JQBLEBOvXzWkrpudzDEBA5Nw20w+D6CNRyz48RQmWPArKfMKzOr1CI/fkiI/WMZYAJuDb9LOIp5/j1jXAjg1Mdcq6p3YUPZHCiAvtmO1mZYWbrgtoZE2cKuQw+Q/b2iF2CSzFTYW2/X6A75jE9DYKpF5zDRpyzj7ybxye3BJpWZnpJClqUC3fna52EW+sQaCKVOsJhkD4EWqK9RI8izhGuswn6y7t5LufP9C0YsY/j1ddu6O3OkxEy6SF0A96a02GXQGF+hnkISCMu3KBjvUx9zU+O0bBmjPNDC9NT4fJJUhs9NZPHzux1Fc79VRzbcteOUlamTc2sASstQdIp398Of0F9Fs2/gRDE2SqqBaIamKKPBJw16a/TxWb+J9x6y3rc06khlVYmSNNVNWK6nq5/6xTTB4nRnkqHj6alb74c3C/W9GqY1WqBpltYUA9rUaXdWXAQfFfZosrj6kPFVb+uBqwtMhFdxs6aNqtKdtrpgE1IRffiPNTeZny+m32rCBaG2LyDcY3qe38H0yXFEkgElAIT8miaOggiHCuhpHjeDDN2H1L1f0zs6fV+qG+8TkIszAGFdU5h172o+hMOhvyTUfAT3rUZuCs7rDV0Blm91crMC9WcvwphYLlcYdQl7VhdyG3ZrQ19MYK6L615nFERbwF3s1np1xVtBYVKidIqo28yzApuNaKY10tMeC+C0pD0JLLXMXXy/RCoa6PNwVHRzNeW9bkJ6PQkqlXsphulFkw8/HV7y9NVyWeT5o3WDAoOVpL8Slw3+AVnqLzBbSk94ozV2WdqMaaqrj/Iw8gpC/c9yha8Y9dfN7uJFBT8E80AAMiuM/AqlkOybhICO+BT+qs0MNmgd/ec3q6kIvpgliq8jWtb+IB9zl6M9y1kR+/GxZkFx+2Y0RWdVzfnl1qhrN74mZpfajEPG2qz0y/kBJReZqdqZ4YEFX+uI9GrxtV5n5PtXX9Y9FqnB1wYw8+kYgCdYELn3Q1Xz0gXpmanmSSgxTxujz4ptraf3DDJw+n6aRUHJnRERHN5gFjwJoi0iswVU1Kzbwg1jhel41j1x7RDrqRlM2bTWVtIfzTxL2x6TKuwt6aNY9JI6JMyqylYTOS8YVecSr7yuBYa1yLjH21EyzAhcDGmoJL5nwZ1iGiFNnZ8sGLZed1sxRfY/NHcQf9R3iEaRCVhkjnYGFy8P9iv/dWJmJbOqfu+V3qgVp1VcCnk0ZiAuDG95WJ0HR21h+qzlcH/EQgmzS/70MFnVT/PrBb4Zonkyb66Pv5gfkhmH1L88Nd6FZ1lkocqg5EQw3cajI2P/XUbiWfzLclb2aXmYXoOWzELxcXV7RPm2EJ9KHKJ3IT5WWuBwsd7YNm6eGwW0Don789WEKeU8KBEnSxtr1qgtw3RfPx9kSkFyfQ07n4an/8GuBA2wyWAGbAdA1NYPTf2mxST6NC+sb9Xa3qxfri+00p+h9+hA6+YrgFaRnn5Zo8oHTVs4cVnLFLMzHrz55n6eNnWcN0erQOUkxHdgOhVMp4xkOQFhTZ/M2LnoXIl0/I7jQBp3ZyipIiIMXht/KaiDxFENz31e8MS9ijjjalEmMaaxYevHo9uGj8TRpvnUeqoEC4OtfTgLwuOEz09qnOFFrfEGA+f70lmr3zRHJC3K3GXJH4ZzdB8SxWHIkxQnhwUVi0gnpElDgCq2NDhcEBh6zAf/FH4rAdMyuVtNxTkXGfQuhqnajAuSJeFNBpW9AZC50XLPsOC8uJ/BSZY/oeurAaVMGyUexxIDX0VWkyDH13jMKOu6sfd/OiDHOW+KefOYbKVqeFFTfiH2Zev3pFh/zaWOcWFJmNiAOEj2kpfQXB5HNzUlC4URCAQkyLNbtWbpAun+iFttcCw7ujkVBj05YSRD7tSMNNv+w25gKqYK+GRhDx5KStD1p8Wy37H0qQf3EUViyFobTWtFq4AtSHVRqLKhqBXFwIbaz90NMZQ9K083wZNOcndit7uy7F3kOU6C1ZfWlzngM2pYtYKI26lPlPdGEmLLKiGJSHMw8zvY6O8Sb1RjP1Ttx20uDabD1HsMy+GlznoSxCvK/9DgDucPBxEt4G3agxtBnT7TNL6dh27N8d6jTsozrIugnPHLm0cMT9nc0NRtLKQ6zhYgvZ+G2Bb6HpqM/WEkT6D7+bEMpYWredrAiNsmuJA/ns60KVa4zteRPNpmCvftcVho1C8kuaSzTpnXgJOqixVi4OLp0liP7vW9oVYU3be4B0N9XmQCwgNp9Z9F9Lgob5QytnSm6LoMzpN6cjU/dEbB8naM8KILmYuMQfzGD7VEAsETSSnNWfBiExBiPuS7GGaroAmqpjwn5oDUrtbVFsvFvwEDERkHdsCLYx4XjMijL6XlskI5WCxrBPJXsVVoojHVu6OAfXoMDuZlqdLZx8JwbP+MIQSOZb21FBlall/gIvFAVHQXcxXri1ncAA0vF1H8GJiQW0rx0LldgSt7WcOGvGomx42jQ1+Yfgw+Dr3/Vc4OEDKpCoxkUk2n9XpmzaRfyDtLK2oR4FZFzL0t1QtMpP8Wwt1cQyynUljNDfYR7JQj6Bten1qiA7co5RAAuRQTatabx8M3fuXfekn0UxAqiW7wk9K/fHKCZ9jlAQ2b5Gjt3dA2gJlbN4yI6zfPrFEwUNRhq2UuC+kz+4xwBIEK0YL7mySZDYCuFYUObk+Oyqo4uts5BSZlDRdfmgBTOAlre909kwjIeSA1Djv06RDK0yrMOyfNayZsXDalcGUWlMwyl8Il05d8Lhs18cjclabV0AozLuVDBQHLdPMJxxPYcdO83beZjqBseLIwZ1pJYq9DfzoQfWItKkKnkKuBBwpEJgU7sQdApms11nVItvlLLEf1Rog/xjkJFKBDPRNeRKEji0Ho92hw5Br3YlRPDYdAX9yMS+v/LbYuhcqgOafXNcxenoaRJELNmgxWMKhgCNZo25AAyOp0u0HzAiC7jn8pivUDDn9YNpjZOuUZR12B9Gs/DUz6a62hkDL8p/GPWH1KcxiusPT6eMdv5uGBelYQqV9s0fdnolYRmalU23UHN60OZf/dZcjYcbzCnagXVy1kyg1QNvpPNaxMqiIhhnlRYNOv4mB3zAsK9O9FjAYGxd/vOwC6rhzZQsfbJo/Zh7oqhkxN7elLAeezNquX36nKSFKQPlH0eW6e7tXwjI0bu+9zHsvVIs6zuew8U4JSpEHlRTexfGkZ4lFTyf8BmZdewLUpSoilmhhMOkyzv04wBPSvlkWKyqLe/BxaGxYo9E8AkufLm9sCmolQV+Ql4nD7xWt37AT/itdg81b3fdDsHfgop/VeCisV7CzqZXJryogasAro7F2MYzmOcaGqI/SnjnEQ5XKtA2KTjK6HeJAmtdMOCJYXOVImWY9NMwEvopO91E8WdogKLxUFqYsvKyqZiR5AiIIyy8WSZ+A1iQYguigw7vaiguQcJM6PRwKqpVNmN0dXDJ3YiMFv6KjUp3Wl26dRmgQLgYT9h5A5AUalo9/Zurl+pbHTIdQyz5KpPJ5SjfLGYR1+Fv6UG6WhUP1R+mmk+yswQ1d1uns0sUBVB55F0dd2/5cllE0J7FvN6kQoonKvyeQdUPhoGLi0vapJEVKxM3PcF34EZDFunbiXS0a5X0UX5VAyHXFGZQViQp5Z74hpE9QL4C+Zkb++zskypxyELm2Sc+n21QooWsISiqxD9VBDORmv07NVz1+f5CnspPlNItOQmVI4p2St09ZkFlxMy6+0ZdcMd9C7SMMXDdVvTWQp9+ySMpd2cBoEZMDPtB/tGrjF69ePpievWE2sKT1ynDF4zA8rEu6xDKrFq+kVeJW4XMRFRgyKmSDrkkvE/Es/X3M8lDMtVB0+/lUBqSVgUV2ujZ9EYhEBixV2nC9M1RzUH5Gvv1fKKvPd8xcR+c9ZQOzOxMkD/ErxEqJ8l9onXfifyN9rBNa9D7HUwkySyYVnq/nmScCpcG/JT8aV5VIYC0jbyjfMQKbnjtXvBJFZEF0QJ0ZB8tF+7UH3YtV4sXCSFyjKSceXBB4MQI4y/Vfn1ZZsEqEYSDdERaodfHXvx11Z8iRqsCpLO7+/AhalIzqq/w4+L8FR329ng2hW9beoJHgtteSrEuBaL/4M/GgYX/GVDXMgg2whbYgD5nO4SfTNRFWJIRkxnU/YJjuE2jLMQ5BJ6IBKEpRTbp6ZsleouBGe89kf74E+a1sBhKCXR7vHZKgrflYIVbJRDTeKSqB/va5oY3N8bzXUfLgadCUx3bbX6J3OY936T//G7rx0I9e/E/21u1s9kN8R1jGKTqOrM/9JgMR+cmtalfivoAzHTzIGptwl2Dtxk5YfcoNXyKq6IgYyI9e6HvoTOJ41U7zsPFd97Z68oQ35rFpxt2yJajMNfRbv0hnAgKXBgVx7JktBnZwR3xJaO8LNPjRZbgZjdzpq+3vE6wX8xiV9uxCZNvJOU7Oh86/CiuGRhxchgcBrjwaIRWA2P6ZgaN0Ttylpefh0EI3/1e+NgIGzKxq5Yqc+6qJpfXYYAHNwrUfQajlWN/zoaowtE+I4v0kjrEOcHRvYwK7COgdStIdxmD4wK8xzCIsCM3CEKji+P5CS3I5hijvm415H1gNBvwUGqeE8ppEkWclgezZMccWfbpYlmaIDx6kHacIyWS35CuPPGllnhbO3gnoQWyp8F/5sS94QCXLz9f5kUpZT6K3CllWXyqoP094rTyOMRHwtNXtpaQ68EE2M2LjtNKXl2utIrBXENPlJNyaPyY0oEgbjJorRtygwYobA8ayIM8N8HFiafvT82yrnDFHo6dbgIre5caZ+u7JEnmkjq2araiNxT9Dx3g8o14/8NChOevU692MXfuoy34bTz1jtAvZQx61trvbokgSOUyKzEjLn4gKMctC3XUi10Hm4+8jQMko9AhFE4bNaPwDqSr0ODvuzlaVe8g3WTWG0ztLAlL1FkF1GKcg12Lrp8LFjGre9VIuSIlxcUznmBN2Ap43KUIo8lcXxDQMHRIKaRCBA7GiHV7lIpccVUgfdRSH26C3eqUw3U1zxLOj/vPcbex4B6oQK/lcjw+OnF5AGpIVsK0TW6x8e15D9KHNogjtFonnU+LglXUuKf2/Wtpa/twBt3s+/ga/QAKt6ZZd77kBjpCFbapEYYXRs8B96Edn/iQDditXgBhwlxm5S/wTpPj/4tjHt5ql8uSuW7gjR+UZ8xg5HGp/gIH2gF89vdHbzeFcRZPJiY7n6gBCP2aKuJrG0xl7MecOJIarfLFu9noZIygeI2kDPcGRa/k64i9iLC/f51pcDcMQfdkYJtbCmRhIik31X7Fe7s/bGl6bC4dwcMAl9Gj3xyo28Zs7VObv9jm2KYrZ715TI/NJlD9sm87apOgJ3frSDzAa7mKHZBhz3iOP0IKNC/L3/eWQ1NHUSU0JETMsX4daPjqC9hStRvCpm5XxTgOU9sjzjYowdE2OQnyxnbwFvbhXHO9BiyX72z1eGZ7vh/KRrdWg8mxXtkdIEIxr9x3KBL1fPolnORT/jsSqSFB8BjH+eM7IaBUjo++WxuYQ4+VkKUTyf4gbIggLy7ji83paUhNuSKLqvlaeRe8RY99mR+3fo3BN7YJvMbQPPEScpJP2sjdIsk45DxEzZL82sDNaalHEnBdJVKbspL4AlgwcXMZ9uU9NH2KwJW0/6yPDVaRUl6mRFOcV/y6STqMUVUVoNTlyQxSv2JVhY7Gph+xIsntaniNhp/gnyzlmSwGgti3spqIN3zUg9aqmtDUAv3xKUOGekybOCVVew/UGl6AcC2zt6VakenkMcJPy4KV7JcTn7YQh4W4wYRYkfyIdRumgFifwj7+IAoyIrdJcix6NuNnUYb+1MycSKqw3yQj/SHhlzgjegBFo/XMQQjWu6d8rOISwNMU+yyq2B2fbblcM46JOsMv3r1ILSvU5aU8yiFlkh+y8Y2VZQM3JBnZwlQUvdH9FbIMG7BgWCq0lqiiHs7MA/QwOZjrQVIO/9d+U1eXB3HQmBfJt3HjXveXRhJYtymdkgPty5yuDuTIVbeOOF4dXLzDX14FC2aSqfPips+YaWKN62b+hV7kEKcDl9myojtEifmyB4/xKG1u/Lf9GxbrBVSqhYXOXVP7NcGWWmTs9dEno6k/sZn8waMECjUg9O+3Zi5gUww/mUbUyRCKQrFnAwWoLOuoccAQ3s46jPQcNSbhVL8uRKPNm6/o5CxNYbHLEBiBxDOyeul63m416JnAm5l/1N6Clzg36K8aVUjkNF4LT5spp9Pq1W2OHfHxt1ht/OGF1suPYCVl3reZfboyY297dwdZjh6pNT/5wNWUYvdkJl8o38YCJ1O+SeAzVi5P1IsvY5POfBqubh382d3laX7xRWgb844E3L5ZtQLHINadIthQbQ64hSdouMHmnsOk+KAJ1bx6Uaq+4j9fnosqVaZZO4Xzb9FQ9KGHboRJJgqiwTApmf9WknHn/Pp00bixOoscrCRZ8GoZLXcQaoFzjS7eQlbG2mped/Elguv4Dt+KkA/zN3s64zox3d5df7E2Pej3WAf8vymFkhee7AfP36ZD1AFfkMYcBVeNTTm/Ka7zBEsO5Jy7YforHckpY+qKbyr8xdxiKYzrwVKPO4DbiMfh/5l8ywYUhIsLcyTUs6/fQ396kNE9BoSL2hneSOYoX11fKDPHQWx9OAa6O+X1oDIUMZov96ekKPMZny9Ha6A52umcRmPCZKrSs+xefknlwcojWeQ64g3xjC4AXPBSyN1ctimbFq3PbRG5RNdWgNdI33I3HMyTBzBJaoUh1NyhMF2/zSpGUMGkfnce/YF7vlkpQF9hWuemxdAYjs7GqD/FyM8BOkP6npZ0cmtZgNi/LSdIfNCiWJ7hzbV8zRv7Xqg0OZRgJ+6MwRp9zYJGPJE0dN0LVwirpwBrqykb0fsGi0KuTZS0ftH5AyuGgs3BXvwfsn/Gfj4X4VazBKpH7WPmHKC0+SjSTXig/C26y/lGlsKFc4r/BeSEUpVYPZzjUDQcSouZlo4KWH2bTnuold5oP15X4EyzzSSgtjKMpHW4LrkGDRfMfCBPbJ2HsmmtSuQGuZ7dM8HvpYqfex/99SuUWBYwKefqcTg== X-IPAS-Result: A2CNAQCF16hb/wHyM5BaHAEBAQQBAQcEAQGBU4IJA4EIXCiMaItJgWiCfpN2FIFdLBMBhQSDFiE2FgEDAQEBAQEBAgFsHAyCNSSCYAMDAQIkEwYBAQwgDAIDCQEBQAgIAwEtFAERBgEHBQYCAQEBGASDAIFqAxUDlxGKHIFqM4J1AQEFgQQBAXWCMAOCUwgXimEXggCBEicMhyoBEgGFd4hKhXYxjhAJggyOFx1ZiDuGGI57h1cCL2RxTSMVO4JsghkMF4NGihwBVU97AQGJfYI9AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 24 Sep 2018 12:29:33 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8OCTWL7028698; Mon, 24 Sep 2018 08:29:33 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8M0Hd0I018237 for ; Fri, 21 Sep 2018 20:17:39 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8M0HcfU009819 for ; Fri, 21 Sep 2018 20:17:39 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AwAADYiKVbly0bGNZbHQEBBQEHBQGBU4IJgWcog3OIdItLgWiCfpN2gXqEdwJCgwQhNhYBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOYJoocb3szgnUBAQWBBAEBdYI+A4JRCBd0iWUXggCBEicMil6CV4hKhXQxjg0JggyOFx1ZiDuGFI53h1MJgX1NIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IPAS-Result: A1AwAADYiKVbly0bGNZbHQEBBQEHBQGBU4IJgWcog3OIdItLgWiCfpN2gXqEdwJCgwQhNhYBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAiYCAkUSBgEMBgIBAYMdgWoDFQOYJoocb3szgnUBAQWBBAEBdYI+A4JRCBd0iWUXggCBEicMil6CV4hKhXQxjg0JggyOFx1ZiDuGFI53h1MJgX1NIxWDJ4IZDA4Jg0aKHAFVT45UAQE X-IronPort-AV: E=Sophos;i="5.54,287,1534824000"; d="scan'208";a="375812" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 21 Sep 2018 20:17:38 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AtAACWiaVbly0bGNZbHQEBBQEHBQGBU4IJgWcog3OIdItLgWiCfpN2gXqEdwJCgwQhNhYBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVA5ggihxvezOCdQEBBYEEAQF1gj4DglEIF3SJZReCAIESJwyKXoJXiEqFdDGODQmCDI4XHVmIO4YUjneHUwmBfU0jFYMnghkMDgmDRoocAVVPjlQBAQ X-IPAS-Result: A0AtAACWiaVbly0bGNZbHQEBBQEHBQGBU4IJgWcog3OIdItLgWiCfpN2gXqEdwJCgwQhNhYBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVA5ggihxvezOCdQEBBYEEAQF1gj4DglEIF3SJZReCAIESJwyKXoJXiEqFdDGODQmCDI4XHVmIO4YUjneHUwmBfU0jFYMnghkMDgmDRoocAVVPjlQBAQ X-IronPort-AV: E=Sophos;i="5.54,287,1534809600"; d="scan'208";a="18546022" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 22 Sep 2018 00:17:37 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;18c792a5-23f0-41c5-a60b-3e292116b167 Authentication-Results: UPDC3CPA09.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic306-10.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 54147878|UPDC3CPA09_EEMSG_MP25.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 74.6.132.49 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DBAABFiaVbhzGEBkpbHQEBBQEHBQGBU4NwKINziHSNM4J+k3aBeoR3AkKDBBkGBjIWAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVmCmKHG97M4J1AQEFgQQBAXWCPgOCUQgXdIl8ggCBEicMil6CV4hKhXQxjg0JggyOFx1ZiDuGFI53h1MJgX1NIxWDJ4IZDA4Jg0aKHAFVHzCOVAEB X-IPAS-Result: A0DBAABFiaVbhzGEBkpbHQEBBQEHBQGBU4NwKINziHSNM4J+k3aBeoR3AkKDBBkGBjIWAQMBAQEBAQEBAQETAQEBCA0JCBsOIwyCNSSCYAMDIwQZAQE4DyUCJgICRRIGAQwGAgEBgx2BagMVmCmKHG97M4J1AQEFgQQBAXWCPgOCUQgXdIl8ggCBEicMil6CV4hKhXQxjg0JggyOFx1ZiDuGFI53h1MJgX1NIxWDJ4IZDA4Jg0aKHAFVHzCOVAEB Received: from sonic306-10.consmr.mail.bf2.yahoo.com ([74.6.132.49]) by UPDC3CPA09.eemsg.mail.mil with ESMTP; 22 Sep 2018 00:17:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537575453; bh=fgnGW7YBVBAQItw8fK/1P4rs3EmF4/uKZk7uW14uDgU=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=sZp+05X/LVMSqts2ZPDB+I1rDwHd9zVDHItscHIPtI8GCJMslmbTM+IlN0p/YDOvf3hlhfpPBPTx0sNghsCdccFggJr2m+gVOQlT70J7wtaAKCSQV3Ki94qVafOlJgx9p8mao8GgNDxq7mJlRppT6RJ5vxNFQLLB9lW8lTqQd1IwvFmz3TM8HBOk0zNhiMq09CIqXFZppeSciEVYXNVW92nYUVteEOuFJTL7FfHqxkgoKjwgA3ue33T6f4NHTE3DNZ+BFd2l8yZncPeCVm3PbsXq9KWm6SjftWqSC4rr3GhbB5ERhOlgVq7i6AmKFAv1FQszmlXpSPCTNHe6UIq3xA== X-YMail-OSG: eS2hAUoVM1mavthSOPBKXr164KY3Fc_SMuVv3QP91Jhb4MBkYvZM8rl1ne1mnWx d0Fo55Jcri5Jh_v553qUGYR8q6yK3HFHtPzfIiqvoYuSUGyorJjkXJTKxf7Hjz8ifTlPhqBwkPWt oD.0763lQ2qwrBGGIsGzJv7wgGrUDD18U3PV9ahX9d0bfr3Z9V1aP0UGv2Cn5ZBgTDXZjPfTQV1Z _PzImruRJoiVJCvb3Rd2QpAbZNPWDj30p9blG3VvBGcNLV9l8LrG9k1uQyEfZRu.3RsB2HM0M3YA qI4mSlVslT3Q9wxeYNjGtM_SMuUPnwKcmOcCfdUM66WvnDe2w8x.WC9QXg6brI8yP7w8JiB5sda7 GbGzlSSe_D03aIrOPENvA_nqEZCAcXnsuA0p.nm_iyYm9IFQw3vxRl3jQyE_OqsQs1s.3palSXtH 9JoTxcaDek9NQJMVhBfarjtrF5pN7rMSrjzYyBIP6iXnbUVKinEAfUQ7mNrOvgMUGYe8sYmkiXA6 S3.G85F65D4lfuZ3_WXwudA64kuzQWxgYPrgjQN4n1qW86BnlR_7nxDWus_jDyqhQnE6q_c.PrJP 8EHBJ.GxHSAhNn1o77q1.dyfCFcIt.vWL9OSyafh9pO.oJ2WJXEckc.M9315JwyWPl8fsljJhWQb ghCl9Zwpx6yTdQhHCarLpnZfLllzQo_C8GLleg.z_t1lZaJHA9m05DMO3WRrszJdtQ1nlmazYRH8 5YL9INi0HHPKH0LvyCCv74fMzJKt4nLbXmvOvDlQ494r9ygmdipbk0gY_tVEs8E9zIJgo3A6eb60 XXkUu.013I81MIFmXaUjofAi6EGVYCUUnAy2Edy1noE.CUTFMMCRun3JrkTI8aWmxCPGrJsUkH.o 5iy0h3SmRuH1UemdriA34qB8iZi8A9rAlY4m8jNknSOTLSanK6F7DX2wQPeBEtQ7_6w8kldhKNaQ _pOrLJSvmYVMof73c0qhRWRLbQWHneJiqzrvdvtXcw5OOX3q6sJZ_cvWGMiVjzivwMy_a8Swwurt fyqRQwbgucWQK0FeZjFXbV3sYoVK8LNI- Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.bf2.yahoo.com with HTTP; Sat, 22 Sep 2018 00:17:33 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp429.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID e31236e55fb46ae50941c78f1aaaf6e2; Sat, 22 Sep 2018 00:17:30 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <5360cd42-5827-58af-515c-6e1ded1d9154@schaufler-ca.com> Date: Fri, 21 Sep 2018 17:17:25 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Mon, 24 Sep 2018 08:26:06 -0400 Subject: [PATCH v4 04/19] SELinux: Remove cred security blob poisoning X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP The SELinux specific credential poisioning only makes sense if SELinux is managing the credentials. As the intent of this patch set is to move the blob management out of the modules and into the infrastructure, the SELinux specific code has to go. The poisioning could be introduced into the infrastructure at some later date. Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook --- kernel/cred.c | 13 ------------- security/selinux/hooks.c | 6 ------ 2 files changed, 19 deletions(-) diff --git a/kernel/cred.c b/kernel/cred.c index ecf03657e71c..fa2061ee4955 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -704,19 +704,6 @@ bool creds_are_invalid(const struct cred *cred) { if (cred->magic != CRED_MAGIC) return true; -#ifdef CONFIG_SECURITY_SELINUX - /* - * cred->security == NULL if security_cred_alloc_blank() or - * security_prepare_creds() returned an error. - */ - if (selinux_is_enabled() && cred->security) { - if ((unsigned long) cred->security < PAGE_SIZE) - return true; - if ((*(u32 *)cred->security & 0xffffff00) == - (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8)) - return true; - } -#endif return false; } EXPORT_SYMBOL(creds_are_invalid); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9d6cdd21acb6..80614ca25a2b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3920,12 +3920,6 @@ static void selinux_cred_free(struct cred *cred) { struct task_security_struct *tsec = selinux_cred(cred); - /* - * cred->security == NULL if security_cred_alloc_blank() or - * security_prepare_creds() returned an error. - */ - BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); - cred->security = (void *) 0x7UL; kfree(tsec); }