Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel

From: James Morris
Date: Thu Sep 27 2018 - 17:45:25 EST

Next message: Luck, Tony: "Re: [PATCH] Raise maximum number of memory controllers"
Previous message: Mark Brown: "Re: [PATCH 4.14 31/64] spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers"
In reply to: Casey Schaufler: "[PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel"
Next in thread: Casey Schaufler: "Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 26 Sep 2018, Casey Schaufler wrote:

> + /*
> + * Namespace checks. Considered safe if:
> + * cgroup namespace is the same
> + * User namespace is the same
> + * PID namespace is the same
> + */
> + if (current->nsproxy)
> + ccgn = current->nsproxy->cgroup_ns;
> + if (p->nsproxy)
> + pcgn = p->nsproxy->cgroup_ns;
> + if (ccgn != pcgn)
> + return -EACCES;
> + if (current->cred->user_ns != p->cred->user_ns)
> + return -EACCES;
> + if (task_active_pid_ns(current) != task_active_pid_ns(p))
> + return -EACCES;
> + return 0;

I really don't like the idea of hard-coding namespace security semantics
in an LSM. Also, I'm not sure if these semantics make any sense.

It least make it user configurable.

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Luck, Tony: "Re: [PATCH] Raise maximum number of memory controllers"
Previous message: Mark Brown: "Re: [PATCH 4.14 31/64] spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers"
In reply to: Casey Schaufler: "[PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel"
Next in thread: Casey Schaufler: "Re: [PATCH v5 5/5] sidechannel: Linux Security Module for sidechannel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]