From: Mark Wielaard <mark@klomp.org>
To: "Frank Ch. Eigler" <fche@redhat.com>
Cc: elfutils-devel@sourceware.org
Subject: Re: [PATCH] PR28204, debuginfod IMA
Date: Tue, 31 Oct 2023 14:20:07 +0100 [thread overview]
Message-ID: <2148d29762c2046d5d7ce88df51ef91eb2113046.camel@klomp.org> (raw)
In-Reply-To: <20231027191555.GD22548@redhat.com>
Hi Frank,
On Fri, 2023-10-27 at 15:15 -0400, Frank Ch. Eigler wrote:
> > > I would not expect the emailed patch to apply, esp. with all the other
> > > work done in the intermediate months, which is why the code is also in
> > > the git branch. The binary files do not seem effectively reviewable
> > > anyway.
> >
> > It would be really convenient though. And modern git format-patch does
> > includes base tree information which allows tools to stich commits at
> > the right place.
>
> (I would be surprised if many-month-old patches could just be
> automatically "stitched".)
>
> > It would also help with patchwork and pre-commit CI.
> > https://git-scm.com/docs/git-format-patch#_base_tree_information
>
> Considering how easily the trybots can process the actual code - and
> have done so before posting the patch for review - we can consider
> some CI well done already. After approval but before merge, it would
> undergo another round of trybotting. With such workflow, patchwork
> does not need to concern itself with additional pre-commit CI/CD.
My point is really that posting with git format-patch or send-email
makes it possible for someone to simply use git am, b4 or git pw to try
out a patch. If the patch doesn't apply then that will be the first
review issue.
> > > > [...]
> > > > > The default is ima:permissive mode, which allows signatures to
> > > > > function like a checksum to detect accidental corruption, but accepts
> > > > > operation in a mix of signed and unsigned packages & servers.
> > > >
> > > > I still think "permissive" is confusing. Since it is a term also used
> > > > by e.g. selinux, but doesn't work that way. And it doesn't seem
> > > > connected with the threat-model that enforcing protects against.
> > >
> > > The connection is the following:
> > > "enforcing" mode protects against accidental or deliberate (MITM) corruption.
> > > "permissive" mode protects against accidental corruption.
> > >
> > > > Since it is a different concept maybe it shouldn't be part of this
> > > > patch. It is a form of integrity checking, but doesn't protect (or
> > > > warns) about integrity failures.
> > >
> > > It does protect and warn against integrity failures of the form of
> > > incorrect signatures.
>
> > My issue is that I don't really understand "permissive". Originally I
> > assumed it was like selinux permissive mode, it does do the checks,
> > but if they fail we just warn and continue. That seems a clear concept.
>
> The proposed documentation explains it thusly:
>
> ima:enforcing Every downloaded file requires a valid signature.
>
> ima:permissive Every downloaded file accompanied by a signature
> must be valid, but downloads without signatures are accepted.
>
> ima:ignore Skips verification altogether.
>
> You're right that it is not an exact match for the selinux concept.
> But if one's not hunting around for a precise analogy, and just reads
> the single sentence description, it tries to be clear.
>
> > [...] if there is a signature, but we don't have the corresponding
> > certificate to check it against, should it still fail, or is it
> > more like a none-signed file and we can be "permissive" and accept
> > it? Maybe I don't have enough imagination.
>
> I see your point. One could make an argument either way, coming from
> fuzziness with the concept of an "invalid signature". One could
> clarify with a rewording to "known-invalid". Then "permissive"
> becomes permit everything except known-invalid files. Missing
> certificates would not qualify as known-invalid, merely unknown.
> Would you like me to draft up a sentence or two description of that
> concept for the man page?
>
> The intended benefit of permissive mode as a default is to give
> elfutils users as much reassurance possible, without requiring manual
> configuration changes or manual downloads. See also the certificate
> distribution topic below - it's really toward the same goal.
I think my issue is really that it is unclear what "reassurances" we
are making. What is the threat-model? Permissive says to me that
although checks are done, they don't block receiving files. Maybe
calling it ima:known-valid ? ima:checking (if you reject unknown-
valid)?
I don't have an issue with ima:enforcing, that seems to have clear
semantics. The threat-model is clear, you only want to get files that
are signed by a specific set of keys/certificates you trust. No middle-
person acting as an intermediary between the distributor and user can
circumvent that.
> > [...]
> > > Yes, it is odd. Unfortunately, it is not possible to enforce crypto
> > > signatures from distros upon unsigned slices. A couple of possible
> > > solutions:
> > > [...]
> > > - disable section queries from enforcing-mode servers (which could
> > > then nuke gdbindex capability for e.g. future fedora/gdb users)
> > [...]
> >
> > I think only option 2 makes sense given the enforcing threat-model.
> >
> > Optionally we could do the section part locally, download the whole
> > file, check the ima signature, then provide the application with just
> > the section data.
>
> Yeah. That is what I was thinking, just not expressing properly.
OK. But again in enforcing mode this is simple and clear, the semantics
for "permissive" not so much imho.
> > > > Including default system directories seems fine. But I don't think
> > > > elfutils should ship certificates itself. That is the job of the
> > > > distro or user.
> > >
> > > The user or the distro the user is running may not be the same one
> > > that the binaries the user is debugging comes from. By shipping
> > > Fedora/RHEL/CentOS certificates, we allow a Ubuntu person to debug a
> > > RHEL container, and trust debuginfod content for it.
> >
> > But it should be the distro/user who makes that choice. We cannot
> > decide for others who they trust as provider of the files they
> > download.
>
> They already make the decision whom they download debuginfo from.
> That's literally what setting $DEBUGINFOD_URLS is. The scenario
> you're describing would be trusting a server enough to supply content,
> trusting our code to fetch & check that content, but not trusting us
> to redistribute public certificates for the servers.
The user shouldn't trust a middle-person. Unless we are signing those
files we shouldn't distribute the certificates are being trustable
imho.
> > > > We aren't in a position to make sure the certificates are valid
> > > > and/or can be trusted.
> > >
> > > Why not? We can document where we got them - I believe they are all
> > > public somewhere or other already.
> >
> > We certainly should document that and provide pointers to where
> > distros publish their certificates. But we shouldn't install them by
> > default. The distro/user can make their own choice of using them, just
> > like they decide whether or not the have default DEBUGINFOD_URLS.
>
> An elfutils-carrying distro can already decide what to do with out
> certificates by including or excluding them from their package. They
> govern what's installed by default, not we. By including the certs in
> elfutils, we are making it easy for a packager to pass these on, if
> they wish.
So you propose we setup a curating process to decide which certificates
to include? If we do then I would suggest we create a separate package
for that (or just a separate tar ball or repository). But I really
don't think we are the right party to do that.
> Another way of looking at it is to remind ourselves of the goal of
> this permissive/cert-distribution default mentality: to provide
> maximum possible assurance possible out of the box.
See above, what is this "maximum possible assurance" that "permissive"
provides? And how does that interact with the enforcing policy?
> > > > [...]
> > > > It would be good to add some comments for extract_skid, I am not sure
> > > > I understand how this works.
> > >
> > > (Ditto.)
> >
> > I do understand hex2dec, but I don't understand what extract_skid
> > does. Maybe add an explanation what a certificates subject key id is
> > and why we need it.
>
> (I meant I'm not sure how this works either. :-) It's based on code
> from imaevm.)
That concerns me a little.
> > [...]
> > > Not sure, but this is how libimaevm.c similar code does it. I assume
> > > the first byte of the signature is something else.
> > > (https://git.code.sf.net/p/linux-ima/ima-evm-utils)
> >
> > ewww. Does this pass ubsan (--enable-sanitize-undefined)?
>
> Haven't tried but it passes valgrind.
valgrind doesn't check for undefined behavior or type alignment
requirements.
> > The issue is that this seems to access structure values at a
> > possibly unaligned address.
>
> Interesting.
>
>
> > > > What does init_public_keys do? Is it thread-safe?
> > >
> > > Good catch. It initialized a global inside libimaevm.c. It does not
> > > appear thread-safe. Will wrap this in a pthread-once or somesuch.
>
> > libimaevm.c seems not thread-safe in general. You might have to put
> > a big lock around the whole signature extraction/checking block
> > which uses those library functions.
>
> OK, will take a look at that. What other global-state conflicting
> things did you notice?
A quick look at the code shows that various functions can read/write a
static public_keys variable linked list, including (indirectly)
ima_verify_signature. So that can cause data-races.
One other issue I noticed is that it seems to be distributed under
GPLv2-only. Which seems to mean that anything based on it should also
be distributed under GPLv2-only, which would include libdebuginfod. Is
there code we can rely on that is GPLv2+ and LGPLv3+ compatible?
> > Another possible issue might be the initialization of openssl in the
> > static constructure. How does that interact with how libcurl inits
> > openssl?
>
> openssl's initialization is fine & thread-safe in practice, despite
> the documentation's warnings.
OK. But even if it is thread-safe, you also need to make sure it inits
the same. This for example worries me a little:
https://github.com/curl/curl/pull/12153
Cheers,
Mark
next prev parent reply other threads:[~2023-10-31 13:20 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-07 12:55 Frank Ch. Eigler
2023-10-23 19:33 ` Mark Wielaard
2023-10-24 13:27 ` Frank Ch. Eigler
2023-10-24 21:03 ` Mark Wielaard
2023-10-27 19:15 ` Frank Ch. Eigler
2023-10-31 13:20 ` Mark Wielaard [this message]
2023-10-31 15:46 ` Frank Ch. Eigler
2023-11-01 14:59 ` Mark Wielaard
2023-11-14 16:45 ` Frank Ch. Eigler
2023-11-15 16:00 ` Mark Wielaard
2023-10-24 15:25 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2148d29762c2046d5d7ce88df51ef91eb2113046.camel@klomp.org \
--to=mark@klomp.org \
--cc=elfutils-devel@sourceware.org \
--cc=fche@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).