securepaul

@securepaul@fosstodon.org

Linux Kernel developer who likes playing with security things.

securepaul, to random

A bit later than usual, and perhaps not very exciting this time around, but here are the LSM, SELinux, and audit* highlights from the Linux v6.10 merge window.

https://paul-moore.com/blog/d/2024/05/linux_v610_merge_window.html

securepaul, to random

The Linux v6.9 merge window opened earlier this week, here is my write-up on the LSM, SELinux, and audit highlights that were merged into Linus' tree.

https://paul-moore.com/blog/d/2024/03/linux_v69_merge_window.html

securepaul, to linux

Quick Linux Security Summit notes:

The Linux Security Summit North America CfP closes this Sunday, February 4th; if you've been waiting to submit your proposal, the time to submit is now.

https://events.linuxfoundation.org/linux-security-summit-north-america/program/cfp/

The Linux Security Summit Europe CfP is now also open, and closes on Sunday, May 19th.

https://events.linuxfoundation.org/linux-security-summit-europe/program/cfp/

securepaul, to random

A bit later than usual due to some personal travel earlier this week (Go Blue!), but here is my write-up on the SELinux and audit highlights from the Linux v6.8 merge window. As a bonus, I'm also going to start including LSM layer highlights as we've got some cool new things starting with Linux v6.8 :)

https://paul-moore.com/blog/d/2024/01/linux_v68_merge_window.html

securepaul, to random

SELinux was publicly announced 23 years ago today :)

https://lore.kernel.org/lkml/200012221402.JAA11421@coalstack.epoch.ncsc.mil/

securepaul, to random

I'm a little surprised and disappointed that the 2023 Linux Foundation TAB election only has five candidates running for the five open seats. All five of the candidates are existing TAB members.

It would seem like one of the issues the TAB should focus on this year is getting more people interested in TAB participation.

https://lore.kernel.org/lkml/e851a8e5-c4c2-4b5d-887a-509e591cff49@intel.com

securepaul,

Looking at the results email, it appears that of the 992 eligible voters, only 203 voted. That's not a great stat, and it may help explain why there were only five candidates, all existing TAB members.

There are probably a few things one can take from this, but I can't help but wonder if the core issue is that the majority of Linux kernel developers simply don't care about the Linux Foundation's TAB?

securepaul, to random

The Linux v6.7 merge window has been open for a few days now, here are the SELinux and audit highlights:

https://paul-moore.com/blog/d/2023/11/linux_v67_merge_window.html

securepaul, to random

A quick update on the SELinux and audit changes in Linux v6.6:

https://www.paul-moore.com/blog/d/2023/11/linux_v66.html

securepaul, to random

In just a few minutes I'll be delivering a quick (~15 minute) presentation on the current state of SELinux at LSS-EU.

https://www.paul-moore.com/docs/2023-lss_eu-state_of_selinux-pcmoore-r3.pdf

securepaul, to random

Since it worked well with the Linux v6.5 merge window, here are my notes on the SELinux and audit kernel changes that went into Linus' tree for the upcoming Linux v6.6 release:

https://www.paul-moore.com/blog/d/2023/08/linux_v66_merge_window.html

securepaul, to random

On August 8, 2003 Linux v2.6.0-test3 was released and included the first release of SELinux in an upstream Linux kernel. Happy 20th birthday SELinux!

https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/pre-releases/ChangeLog-2.6.0-test3

#selinux

securepaul, to android

Ten years ago today, Android 4.3 (Jelly Bean) was released, the first Android release to support SELinux. Happy birthday SEAndroid!

https://source.android.com/docs/security/enhancements/enhancements43

securepaul, to random

It was recently suggested that my SELinux and audit kernel highlights might be more useful if I wrote them during the merge window instead of waiting for the proper kernel release. With that in mind, here are the highlights from the SELinux and audit pull requests for Linux v6.5:

https://www.paul-moore.com/blog/d/2023/06/linux_v65_merge_window.html

securepaul, to random

Linux v6.4 was released on Sunday and while there are no audit updates worth mentioning, there were some significant SELinux changes:

https://www.paul-moore.com/blog/d/2023/06/linux_v64.html

securepaul,

@kernellogger I've always felt that my little highlight posts made more sense once the kernel was actually released, but you make a good point, and getting better awareness of the SELinux and audit changes is the main motivation for these posts.

If I can carve out some time on Friday, perhaps I'll start with this merge window.

raptor, to random

Fun attack against 🐧🔓

Bypassing SELinux with init_module

https://seanpesce.blogspot.com/2023/05/bypassing-selinux-with-initmodule.html

securepaul,

@raptor @kcinimod

As Dominick already said, SELinux does provide control points for both finit_module() and init_module(), although restricting both pathways requires a properly written SELinux policy. You mention this is an IoT device, so it's likely the SELinux policy has some bugs.

Also, a good Linux security best practice is to require signed kernel modules; if that was enforced here it would have also prevented this attack. Allowing arbitrary kernel code execution is never a good idea ;)

securepaul, to linux

Next week I'll be moderating a panel of LSM maintainers, if you could ask them a question, what would you ask?

https://events.linuxfoundation.org/linux-security-summit-north-america/
