Re: [PATCH v3 14/22] security: define kernel_read_file hook
On Thu, 2016-02-11 at 08:54 -0800, Casey Schaufler wrote: > On 2/3/2016 11:06 AM, Mimi Zohar wrote: > > The kernel_read_file security hook is called prior to reading the file > > into memory. > > > > Signed-off-by: Mimi Zohar > > Acked-by: Casey Schaufler > > Being able to deny the read prior to performing any > real work makes a lot of sense. Thanks, Casey! Mimi ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
Re: [PATCH v3 14/22] security: define kernel_read_file hook
On 2/3/2016 11:06 AM, Mimi Zohar wrote: > The kernel_read_file security hook is called prior to reading the file > into memory. > > Signed-off-by: Mimi Zohar Acked-by: Casey Schaufler Being able to deny the read prior to performing any real work makes a lot of sense. > --- > fs/exec.c | 4 > include/linux/ima.h | 6 ++ > include/linux/lsm_hooks.h | 8 > include/linux/security.h | 7 +++ > security/integrity/ima/ima_main.c | 16 > security/security.c | 12 > 6 files changed, 53 insertions(+) > > diff --git a/fs/exec.c b/fs/exec.c > index 5629958..1d39c4e 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -842,6 +842,10 @@ int kernel_read_file(struct file *file, void **buf, > loff_t *size, > if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) > return -EINVAL; > > + ret = security_kernel_read_file(file, id); > + if (ret) > + return ret; > + > i_size = i_size_read(file_inode(file)); > if (max_size > 0 && i_size > max_size) > return -EFBIG; > diff --git a/include/linux/ima.h b/include/linux/ima.h > index 7aea486..6adcaea 100644 > --- a/include/linux/ima.h > +++ b/include/linux/ima.h > @@ -19,6 +19,7 @@ extern int ima_file_check(struct file *file, int mask, int > opened); > extern void ima_file_free(struct file *file); > extern int ima_file_mmap(struct file *file, unsigned long prot); > extern int ima_module_check(struct file *file); > +extern int ima_read_file(struct file *file, enum kernel_read_file_id id); > extern int ima_post_read_file(struct file *file, void *buf, loff_t size, > enum kernel_read_file_id id); > > @@ -48,6 +49,11 @@ static inline int ima_module_check(struct file *file) > return 0; > } > > +static inline int ima_read_file(struct file *file, enum kernel_read_file_id > id) > +{ > + return 0; > +} > + > static inline int ima_post_read_file(struct file *file, void *buf, loff_t > size, >enum kernel_read_file_id id) > { > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index 7d04a12..d32b7bd 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h > @@ -552,6 +552,12 @@ > * the kernel module to load. If the module is being loaded from a blob, > * this argument will be NULL. > * Return 0 if permission is granted. > + * @kernel_read_file: > + * Read a file specified by userspace. > + * @file contains the file structure pointing to the file being read > + * by the kernel. > + * @id kernel read file identifier > + * Return 0 if permission is granted. > * @kernel_post_read_file: > * Read a file specified by userspace. > * @file contains the file structure pointing to the file being read > @@ -1455,6 +1461,7 @@ union security_list_options { > int (*kernel_create_files_as)(struct cred *new, struct inode *inode); > int (*kernel_module_request)(char *kmod_name); > int (*kernel_module_from_file)(struct file *file); > + int (*kernel_read_file)(struct file *file, enum kernel_read_file_id id); > int (*kernel_post_read_file)(struct file *file, char *buf, loff_t size, >enum kernel_read_file_id id); > int (*task_fix_setuid)(struct cred *new, const struct cred *old, > @@ -1715,6 +1722,7 @@ struct security_hook_heads { > struct list_head cred_transfer; > struct list_head kernel_act_as; > struct list_head kernel_create_files_as; > + struct list_head kernel_read_file; > struct list_head kernel_post_read_file; > struct list_head kernel_module_request; > struct list_head kernel_module_from_file; > diff --git a/include/linux/security.h b/include/linux/security.h > index cee1349..071fb74 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -302,6 +302,7 @@ int security_kernel_act_as(struct cred *new, u32 secid); > int security_kernel_create_files_as(struct cred *new, struct inode *inode); > int security_kernel_module_request(char *kmod_name); > int security_kernel_module_from_file(struct file *file); > +int security_kernel_read_file(struct file *file, enum kernel_read_file_id > id); > int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, > enum kernel_read_file_id id); > int security_task_fix_setuid(struct cred *new, const struct cred *old, > @@ -863,6 +864,12 @@ static inline int > security_kernel_module_from_file(struct file *file) > return 0; > } > > +static inline int security_kernel_read_file(struct file *file, > + enum kernel_read_file_id id) > +{ > + return 0; > +} > + > static inline int security_kernel_post_read_file(struct file *file, >char *buf, loff_t size, >
Re: [PATCH v3 14/22] security: define kernel_read_file hook
On Wed, Feb 03, 2016 at 02:06:22PM -0500, Mimi Zohar wrote: > The kernel_read_file security hook is called prior to reading the file > into memory. > > Signed-off-by: Mimi Zohar Acked-by: Luis R. Rodriguez Luis ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
Re: [PATCH v3 14/22] security: define kernel_read_file hook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > The kernel_read_file security hook is called prior to reading the file > into memory. > > Signed-off-by: Mimi Zohar Acked-by: Kees Cook -Kees > --- > fs/exec.c | 4 > include/linux/ima.h | 6 ++ > include/linux/lsm_hooks.h | 8 > include/linux/security.h | 7 +++ > security/integrity/ima/ima_main.c | 16 > security/security.c | 12 > 6 files changed, 53 insertions(+) > > diff --git a/fs/exec.c b/fs/exec.c > index 5629958..1d39c4e 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -842,6 +842,10 @@ int kernel_read_file(struct file *file, void **buf, > loff_t *size, > if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) > return -EINVAL; > > + ret = security_kernel_read_file(file, id); > + if (ret) > + return ret; > + > i_size = i_size_read(file_inode(file)); > if (max_size > 0 && i_size > max_size) > return -EFBIG; > diff --git a/include/linux/ima.h b/include/linux/ima.h > index 7aea486..6adcaea 100644 > --- a/include/linux/ima.h > +++ b/include/linux/ima.h > @@ -19,6 +19,7 @@ extern int ima_file_check(struct file *file, int mask, int > opened); > extern void ima_file_free(struct file *file); > extern int ima_file_mmap(struct file *file, unsigned long prot); > extern int ima_module_check(struct file *file); > +extern int ima_read_file(struct file *file, enum kernel_read_file_id id); > extern int ima_post_read_file(struct file *file, void *buf, loff_t size, > enum kernel_read_file_id id); > > @@ -48,6 +49,11 @@ static inline int ima_module_check(struct file *file) > return 0; > } > > +static inline int ima_read_file(struct file *file, enum kernel_read_file_id > id) > +{ > + return 0; > +} > + > static inline int ima_post_read_file(struct file *file, void *buf, loff_t > size, > enum kernel_read_file_id id) > { > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index 7d04a12..d32b7bd 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h > @@ -552,6 +552,12 @@ > * the kernel module to load. If the module is being loaded from a blob, > * this argument will be NULL. > * Return 0 if permission is granted. > + * @kernel_read_file: > + * Read a file specified by userspace. > + * @file contains the file structure pointing to the file being read > + * by the kernel. > + * @id kernel read file identifier > + * Return 0 if permission is granted. > * @kernel_post_read_file: > * Read a file specified by userspace. > * @file contains the file structure pointing to the file being read > @@ -1455,6 +1461,7 @@ union security_list_options { > int (*kernel_create_files_as)(struct cred *new, struct inode *inode); > int (*kernel_module_request)(char *kmod_name); > int (*kernel_module_from_file)(struct file *file); > + int (*kernel_read_file)(struct file *file, enum kernel_read_file_id > id); > int (*kernel_post_read_file)(struct file *file, char *buf, loff_t > size, > enum kernel_read_file_id id); > int (*task_fix_setuid)(struct cred *new, const struct cred *old, > @@ -1715,6 +1722,7 @@ struct security_hook_heads { > struct list_head cred_transfer; > struct list_head kernel_act_as; > struct list_head kernel_create_files_as; > + struct list_head kernel_read_file; > struct list_head kernel_post_read_file; > struct list_head kernel_module_request; > struct list_head kernel_module_from_file; > diff --git a/include/linux/security.h b/include/linux/security.h > index cee1349..071fb74 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -302,6 +302,7 @@ int security_kernel_act_as(struct cred *new, u32 secid); > int security_kernel_create_files_as(struct cred *new, struct inode *inode); > int security_kernel_module_request(char *kmod_name); > int security_kernel_module_from_file(struct file *file); > +int security_kernel_read_file(struct file *file, enum kernel_read_file_id > id); > int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, >enum kernel_read_file_id id); > int security_task_fix_setuid(struct cred *new, const struct cred *old, > @@ -863,6 +864,12 @@ static inline int > security_kernel_module_from_file(struct file *file) > return 0; > } > > +static inline int security_kernel_read_file(struct file *file, > + enum kernel_read_file_id id) > +{ > + return 0; > +} > + > static inline int security_kernel_post_read_file(struct file *file, > char *buf, loff_t s
[PATCH v3 14/22] security: define kernel_read_file hook
The kernel_read_file security hook is called prior to reading the file into memory. Signed-off-by: Mimi Zohar --- fs/exec.c | 4 include/linux/ima.h | 6 ++ include/linux/lsm_hooks.h | 8 include/linux/security.h | 7 +++ security/integrity/ima/ima_main.c | 16 security/security.c | 12 6 files changed, 53 insertions(+) diff --git a/fs/exec.c b/fs/exec.c index 5629958..1d39c4e 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -842,6 +842,10 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) return -EINVAL; + ret = security_kernel_read_file(file, id); + if (ret) + return ret; + i_size = i_size_read(file_inode(file)); if (max_size > 0 && i_size > max_size) return -EFBIG; diff --git a/include/linux/ima.h b/include/linux/ima.h index 7aea486..6adcaea 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -19,6 +19,7 @@ extern int ima_file_check(struct file *file, int mask, int opened); extern void ima_file_free(struct file *file); extern int ima_file_mmap(struct file *file, unsigned long prot); extern int ima_module_check(struct file *file); +extern int ima_read_file(struct file *file, enum kernel_read_file_id id); extern int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id); @@ -48,6 +49,11 @@ static inline int ima_module_check(struct file *file) return 0; } +static inline int ima_read_file(struct file *file, enum kernel_read_file_id id) +{ + return 0; +} + static inline int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id) { diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 7d04a12..d32b7bd 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -552,6 +552,12 @@ * the kernel module to load. If the module is being loaded from a blob, * this argument will be NULL. * Return 0 if permission is granted. + * @kernel_read_file: + * Read a file specified by userspace. + * @file contains the file structure pointing to the file being read + * by the kernel. + * @id kernel read file identifier + * Return 0 if permission is granted. * @kernel_post_read_file: * Read a file specified by userspace. * @file contains the file structure pointing to the file being read @@ -1455,6 +1461,7 @@ union security_list_options { int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); int (*kernel_module_from_file)(struct file *file); + int (*kernel_read_file)(struct file *file, enum kernel_read_file_id id); int (*kernel_post_read_file)(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id); int (*task_fix_setuid)(struct cred *new, const struct cred *old, @@ -1715,6 +1722,7 @@ struct security_hook_heads { struct list_head cred_transfer; struct list_head kernel_act_as; struct list_head kernel_create_files_as; + struct list_head kernel_read_file; struct list_head kernel_post_read_file; struct list_head kernel_module_request; struct list_head kernel_module_from_file; diff --git a/include/linux/security.h b/include/linux/security.h index cee1349..071fb74 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -302,6 +302,7 @@ int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_kernel_module_from_file(struct file *file); +int security_kernel_read_file(struct file *file, enum kernel_read_file_id id); int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id); int security_task_fix_setuid(struct cred *new, const struct cred *old, @@ -863,6 +864,12 @@ static inline int security_kernel_module_from_file(struct file *file) return 0; } +static inline int security_kernel_read_file(struct file *file, + enum kernel_read_file_id id) +{ + return 0; +} + static inline int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 4a5db31..6f79bdf 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -338,6 +338,22 @@ int ima_modul