Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries

[Chris Wright]

* Serge E. Hallyn (serue@xxxxxxxxxx) wrote:
> > >      - support to avoid vulnerability for rewrite of shared
> > >      libraries
> > 
> > Could you elaborate on this one?
> 
> When a file is being executed, deny_write_access(file) is called to
> prevent writing until execution completes.  Because deny_write_access
> is not exported from fs/namei.c, we emulate this behavior for shared
> libraries.

Hmm, ok, so you're relying on the loader to do PROT_EXEC mmaps for
shared libraries?  Probably not required at least on x86.  Also, does
this work when executing loader directly (/lib/ld.so /bin/ps), and with
dlopen?

> > > Future works
> > > =============
> > > 
> > >      - improving the caching and revocation: it is currently tested
> > >        and will be sent out soon after stability testing
> > 
> > Should be helpful enough to cache result until thing's opened for
> > writing, or is that what you're doing now?
> 
> Exactly.  When the file is opened for writing (which as much as possible
> requires the file to not be executed), we uncache the signature
> validation.
> 
> (The new patch hashes revocations (they were on a linked list), and
> steals the seqlock-based structure Rik van Riel had suggested for
> the selinux avc cache for use in the signature revocation cache.  There
> is no change in functionality, only (hopefully) performance improvements.)

Ok, I see.  Makes sense.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/