medusa-team / linux-medusa Goto Github PK

There are checks similar to IS_ERR(dentry). Is this really needed? Compare with other security modules and delete if required.

There are times when code in L4 has to wait for some event (e.g. when waiting for answer from the authorization server). Sleeping and waking up in these areas is based on changing process state and waking up by PID. This approach should be replaceable by kernel waitqueue mechanism in wait.c. Read more in memory-barriers.txt. Analyze if refactoring would be beneficial and implement the change.

constable may race in am_i_constable and that can cause a null dereference. Analyze the situation and implement RCU locking mechanism.

Usage of MEDUSA_EVTYPE_NOTTRIGGERED in evtypes causes authorization server not able to synchronize internal hierarchy with actual system (filesystem, processes, etc.).

In other words, evtypes need to have bitnr assigned, so authorization server can decide whether the object can inherit security information from its parent (when object is not monitored) or it needs to be sent to authorization server to get specific security information.

See file_kobj_validate_dentry_dir in Medusa and generic_set_handler in Constable for more information.

Meta issue for project "Test socket hooks". This should be closed after the project is closed.

See medusa_ipc_ctl(). ipcp is NULL.

E.g. dget_parent instead of dentry->d_parent and others. Check the correct usage in the kernel.

Greeting has 8 bytes. Add two bytes to represent protocol number. We'll continue with version 2.

memcpy(tk->cmdline, ts_security->cmdline, sizeof(tk->cmdline)); in kobject_process.c doesn't have an effect since ts_security->cmdline is empty.

In older version of Medusa, it was populated in medusa_l1_task_alloc, but this hook was disabled.

One solution would be to bring back get_cmdline call to process_kern2kobj like it used to be.

kobject_file.h is in includes and also in l2.

Current implementation uses just ilookup. It would be better to use internal cache (as in kobject_file implementation) and then use ilookup as a fail-safe if the inode is not present in the internal cache.

Take inspiration from https://elixir.bootlin.com/linux/latest/source/security/keys/keyctl.c#L1696.

Try to compile Medusa with CONFIG_SECURITY_MEDUSA_HOOKS_TASK_KILL not set.