summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorAntony Antony <antony.antony@secunet.com>2020-11-17 17:47:23 +0100
committerSteffen Klassert <steffen.klassert@secunet.com>2020-11-27 11:03:06 +0100
commitc7a5899eb26e2a4d516d53f65b6dd67be2228041 (patch)
tree3c57c631ca926f27378b28bc9fa2a6f6d81476c8 /security
parent8be33ecfc1ffd2da20cc29e957e4cb6eb99310cb (diff)
downloadlinux-c7a5899eb26e2a4d516d53f65b6dd67be2228041.tar.gz
linux-c7a5899eb26e2a4d516d53f65b6dd67be2228041.tar.bz2
linux-c7a5899eb26e2a4d516d53f65b6dd67be2228041.zip
xfrm: redact SA secret with lockdown confidentiality
redact XFRM SA secret in the netlink response to xfrm_get_sa() or dumpall sa. Enable lockdown, confidentiality mode, at boot or at run time. e.g. when enabled: cat /sys/kernel/security/lockdown none integrity [confidentiality] ip xfrm state src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x00000002 reqid 2 mode tunnel replay-window 0 aead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 96 note: the aead secret is redacted. Redacting secret is also a FIPS 140-2 requirement. v1->v2 - add size checks before memset calls v2->v3 - replace spaces with tabs for consistency v3->v4 - use kernel lockdown instead of a /proc setting v4->v5 - remove kconfig option Reviewed-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Antony Antony <antony.antony@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'security')
-rw-r--r--security/security.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index a28045dc9e7f..abff77c1c8a7 100644
--- a/security/security.c
+++ b/security/security.c
@@ -65,6 +65,7 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
[LOCKDOWN_PERF] = "unsafe use of perf",
[LOCKDOWN_TRACEFS] = "use of tracefs",
[LOCKDOWN_XMON_RW] = "xmon read and write access",
+ [LOCKDOWN_XFRM_SECRET] = "xfrm SA secret",
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};