Re: RFC: New LSM to control usage of x509 certificates

From: Paul Moore
Date: Tue Oct 17 2023 - 11:46:23 EST


On Tue, Oct 17, 2023 at 9:48 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> On Thu, 2023-10-05 at 12:32 +0200, Mickaël Salaün wrote:
> > > > > A complementary approach would be to create an
> > > > > LSM (or a dedicated interface) to tie certificate properties to a set of
> > > > > kernel usages, while still letting users configure these constraints.
> > > >
> > > > That is an interesting idea. Would the other security maintainers be in
> > > > support of such an approach? Would a LSM be the correct interface?
> > > > Some of the recent work I have done with introducing key usage and CA
> > > > enforcement is difficult for a distro to pick up, since these changes can be
> > > > viewed as a regression. Each end-user has different signing procedures
> > > > and policies, so making something work for everyone is difficult. Letting the
> > > > user configure these constraints would solve this problem.
>
> Something definitely needs to be done about controlling the usage of
> x509 certificates. My concern is the level of granularity. Would this
> be at the LSM hook level or even finer granaularity?

You lost me, what do you mean by finer granularity than a LSM-based
access control? Can you give an existing example in the Linux kernel
of access control granularity that is finer grained than what is
provided by the LSMs?

--
paul-moore.com