Secure in-memory storage for security context information

Hello,

I would like to write a module that it seems to me is somewhat simple so
I would like to know if such a thing already exists or if my understanding
of the problem is perhaps warped.

The desired module would be a file I/O interface backed by kernel memory
with fancy access control. The access control code is the important
part and may be used to restrict access to this "file" using any one or
possibly combination of methods including but not limited to the following:

 o A uid associated with the file would indicate that only a caller with
   that uid has access to the file.
 o A ppid associated with the file would indicate that only a calling
   process with that pid or a descendant of a process with that pid has access
   to the file.
 o An inode of a .so associated with the file would indicate that only
   code originating from the specified library can access the file.

The primary motivation for this module is as a secure storage for
security context information such as basic user information, credentials,
privileges, groups, etc.

For example, imagine an HTTP server that accepts Kerberos credentials that
are to be used by worker processes to communicate with other tiers. The
only way to do this using conventional code from Heimdal or MIT is to
place the credentials into disk files. But because the disk files are
all owned by the HTTP server, all worker processes have access to all
credentials. If the Kerberos libraries used the secure storage module I
described the accepting worker could place the credential there protected
by pid, perform its work on behalf of the client, and then delete the
storage without ever exposing the credentials to other workers.

From userspace the code might look something like:

  #include <fcntl.h>      /* open() */
  #include <sys/ioctl.h>  /* ioctl() */
  #include <stdio.h>      /* fdopen() */
  int fd = open("/dev/sss0", flags);              /* open the secure storage device node */
  ioctl(fd, req, "krb5_cc[uid=1234,ppid=5678]");  /* name the storage and set its access control parameters */
  FILE *ccachefp = fdopen(fd, mode);              /* use the descriptor as an ordinary stdio stream */

So the kernel extension could be a simple device file implementation. The
ioctl data "krb5_cc[uid=1234,ppid=5678]" indicates the name of the storage
and some access control parameters. If the storage is being created rather
than opened, the access control parameters are set.
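To make the proposed access control concrete, here is an added userspace sketch (not code from the post) that parses the "name[key=value,...]" ioctl string and applies the uid, ppid and .so inode rules, with every rule that is set having to hold. It assumes a key name so_ino for the library inode and stands in for the kernel's task parent walk with a constructed parent lookup table.

```c
#include <stdlib.h>
#include <string.h>

/* Access-control parameters parsed from an ioctl string such as
 * "krb5_cc[uid=1234,ppid=5678]"; -1 means "no restriction on this field". */
struct sss_acl { char name[32]; long uid, ppid, so_ino; };
/* Parse "name[key=value,...]"; returns 0 on success, -1 on malformed input.
 * Keys: uid, ppid, so_ino (inode of the permitted .so, an assumed key name); unknown keys are rejected. */
int sss_parse(const char *spec, struct sss_acl *acl) {
    const char *lb = strchr(spec, '['), *rb = strrchr(spec, ']');
    char buf[128];
    acl->uid = acl->ppid = acl->so_ino = -1;
    if (!lb || !rb || rb < lb || rb[1] || lb == spec ||
        (size_t)(lb - spec) >= sizeof acl->name || (size_t)(rb - lb - 1) >= sizeof buf)
        return -1;
    memcpy(acl->name, spec, lb - spec); acl->name[lb - spec] = '\0';
    memcpy(buf, lb + 1, rb - lb - 1); buf[rb - lb - 1] = '\0';
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        char *eq = strchr(tok, '='), *end;
        if (!eq) return -1;
        *eq = '\0';
        long v = strtol(eq + 1, &end, 10);
        if (end == eq + 1 || *end || v < 0) return -1;
        if (!strcmp(tok, "uid")) acl->uid = v;
        else if (!strcmp(tok, "ppid")) acl->ppid = v;
        else if (!strcmp(tok, "so_ino")) acl->so_ino = v;
        else return -1;
    }
    return 0;
}
/* Caller identity as the kernel would see it, plus a way to walk the process
 * tree upward (parent_of returns the parent pid, or -1 above init). */
struct sss_caller { long uid, pid, so_ino; long (*parent_of)(long pid); };
/* Every restriction set in the ACL must hold (they combine by AND).
 * Returns 1 if access is allowed, 0 if denied. */
int sss_allowed(const struct sss_acl *acl, const struct sss_caller *c) {
    if (acl->uid != -1 && c->uid != acl->uid) return 0;
    if (acl->so_ino != -1 && c->so_ino != acl->so_ino) return 0;
    if (acl->ppid != -1) {   /* caller must be ppid itself or one of its descendants */
        long p = c->pid;
        while (p > 0 && p != acl->ppid) p = c->parent_of(p);
        if (p != acl->ppid) return 0;
    }
    return 1;
}
/* Constructed sample process tree: 1 -> 5678 -> 5700 -> 5701; pid 9000 is unrelated. */
long sample_parent_of(long pid) {
    switch (pid) { case 5701: return 5700; case 5700: return 5678; case 5678: return 1; default: return -1; }
}
```

A pid only identifies a process while it is alive and can be reused afterwards, so an in-kernel version should bind the storage to the creating task's identity at creation time rather than re-resolving the numeric pid on every access.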

Is anyone aware of something like this that I can start from?

Thanks,
Mike

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
