[PATCH bpf-next v10 5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached

Paul Moore paul at paul-moore.com
Thu May 9 20:24:17 UTC 2024


On Wed, May 8, 2024 at 3:00 AM KP Singh <kpsingh at kernel.org> wrote:
> One idea here is that only LSM hooks with default_state = false can be toggled.
>
> This would also any ROPs that try to abuse this function. Maybe we can call "default_disabled" .toggleable (or dynamic)
>
> and change the corresponding LSM_INIT_TOGGLEABLE. Kees, Paul, this may be a fair middle ground?

Seems reasonable to me, although I think it's worth respinning to get
a proper look at it in context.  Some naming bikeshedding below ...

> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 4bd1d47bb9dc..5c0918ed6b80 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -117,7 +117,7 @@ struct security_hook_list {
>         struct lsm_static_call  *scalls;
>         union security_list_options     hook;
>         const struct lsm_id             *lsmid;
> -       bool                            default_enabled;
> +       bool                            toggleable;
>  } __randomize_layout;
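Review bot: renaming default_enabled to toggleable inverts the meaning of the field for every existing initializer, but the hunk shows only the struct change; the respin should include the matching update to the initializer macro (LSM_INIT_TOGGLEABLE as mentioned above) and to the toggle path, which must refuse any state change for a hook whose toggleable is false so that a stray call into the toggle function cannot disable a hook that was never meant to be switchable. A one-line comment on the field would also help, e.g. `bool toggleable; /* may be enabled/disabled at runtime; otherwise fixed */`, since neither the old nor the new name states which value is the safe default.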

How about inverting the boolean and using something like 'fixed'
instead of 'toggleable'?

-- 
paul-moore.com
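The policy KP and Paul are converging on (a hook is either fixed, i.e. always enabled, or toggleable) is easy to model outside the kernel. The following is an added example, not code from this patch series or from the kernel: a small user-space model in which the toggle routine rejects any state change for a hook that is not marked toggleable, so that a misdirected call cannot silently disable a fixed hook. The names hook_entry, lsm_hook_set_enabled, lsm_hook_is_enabled, lsm_hooks_fixed_all_enabled and the sample hook table are assumptions made for illustration; the kernel's struct security_hook_list and its static-call machinery are not reproduced.

```c
/* Added example, not code from the patch or the kernel: a user-space model of
 * the fixed-vs-toggleable LSM hook policy discussed in the thread. All names
 * and the hook table below are assumptions for illustration only. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Return codes modelled loosely on errno values (assumption). */
enum toggle_result { TOGGLE_OK = 0, TOGGLE_EINVAL = -22, TOGGLE_EPERM = -1 };

struct hook_entry {
	const char *name;
	bool toggleable;	/* false: fixed, always enabled; true: may be switched */
	bool enabled;
};

/* Constructed sample table: two fixed hooks and two toggleable ones that
 * start disabled, mirroring "only default_state = false hooks can toggle". */
static struct hook_entry hooks[] = {
	{ "bprm_check_security", false, true  },
	{ "file_open",           false, true  },
	{ "bpf_prog_load",       true,  false },
	{ "socket_connect",      true,  false },
};
#define NHOOKS (sizeof(hooks) / sizeof(hooks[0]))

static struct hook_entry *find_hook(const char *name)
{
	for (size_t i = 0; i < NHOOKS; i++)
		if (strcmp(hooks[i].name, name) == 0)
			return &hooks[i];
	return NULL;
}

/* The only way to change a hook's state. A fixed hook is rejected for both
 * enable and disable, so reaching this function with a forged argument (for
 * instance via a hijacked control flow) cannot turn a fixed hook off. */
int lsm_hook_set_enabled(const char *name, bool enable)
{
	struct hook_entry *h = find_hook(name);

	if (!h)
		return TOGGLE_EINVAL;
	if (!h->toggleable)
		return TOGGLE_EPERM;
	h->enabled = enable;
	return TOGGLE_OK;
}

/* Unknown hooks report as disabled (assumption for this model). */
bool lsm_hook_is_enabled(const char *name)
{
	struct hook_entry *h = find_hook(name);

	return h ? h->enabled : false;
}

/* Invariant the design is meant to guarantee: no fixed hook is ever off. */
bool lsm_hooks_fixed_all_enabled(void)
{
	for (size_t i = 0; i < NHOOKS; i++)
		if (!hooks[i].toggleable && !hooks[i].enabled)
			return false;
	return true;
}

int main(void)
{
	/* Attempting to disable a fixed hook must fail and leave it enabled. */
	printf("disable file_open: %d, enabled=%d\n",
	       lsm_hook_set_enabled("file_open", false),
	       lsm_hook_is_enabled("file_open"));
	/* A toggleable hook can be switched on when a program attaches... */
	printf("enable bpf_prog_load: %d, enabled=%d\n",
	       lsm_hook_set_enabled("bpf_prog_load", true),
	       lsm_hook_is_enabled("bpf_prog_load"));
	/* ...and off again when it detaches. */
	printf("disable bpf_prog_load: %d, enabled=%d\n",
	       lsm_hook_set_enabled("bpf_prog_load", false),
	       lsm_hook_is_enabled("bpf_prog_load"));
	printf("fixed hooks all enabled: %d\n", lsm_hooks_fixed_all_enabled());
	return 0;
}
```

The point of the check ordering is that the rejection for a fixed hook happens before any state is written, and it applies to "enable" as well as "disable"; with Paul's suggested inversion the field would read `fixed` and the test would become `if (h->fixed)`, with no other change to the logic.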
