From patchwork Thu Sep 20 00:19:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10607573 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 819D414DA for ; Thu, 20 Sep 2018 12:34:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6F5272C811 for ; Thu, 20 Sep 2018 12:34:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 627172D392; Thu, 20 Sep 2018 12:34:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from upbd19pa10.eemsg.mail.mil (upbd19pa10.eemsg.mail.mil [214.24.27.85]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8D0B62C9EB for ; Thu, 20 Sep 2018 12:34:11 +0000 (UTC) X-EEMSG-check-008: 169706623|UPBD19PA10_EEMSG_MP10.csd.disa.mil Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa10.eemsg.mail.mil with ESMTP; 20 Sep 2018 12:34:05 +0000 X-IronPort-AV: E=Sophos;i="5.53,398,1531785600"; d="scan'208";a="18464507" IronPort-PHdr: 9a23:sc/hMRD4k+fRZlWrRx47UyQJP3N1i/DPJgcQr6AfoPdwSPn8pM6wAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zTZ9MaQXdKUNhXWSJPH4iwa5IDA/cdMepdqYTyoFkBogG+BQmrA+Pj0yZEi2P40KA7zugtCB3K0BE9FN4KrnjYsND5OaEPWu630abI1y3OYe1Y2Tn964bGfB4urv6OUrxtacrcy1QjGg3ZgVuft4PlJCiY1vgPvmWB8+ZsSeyih3Ahpgpsojav3MAsiozRi48L0F/E7jt2wYYoLtOlVEF7YcSrEIZetyGeKYR2WN4pTmZ0tykg0b0Jp566cTMRyJs7xx7QceGHc4aM4h39TuadOCt3i2h/dL2jgBay9FGtx+vhXce3yFZHtjdJn9bDu3wX1xHf99KLRuVy80u/wzqDyhjf5+BGLEwuiKbWKposzqQxm5cTq0jPADH6lUrwgaSLbEsr4PKo5P7iYrj+o5+cMJJ7hR/mP6Q1n8y/Hfw4Mg8TX2iH4ei81KPs/Un+QLhSkv05iLPZsJHHJcQAvKK5Hw9U3Zoj6xa4FTum1sgXnWIbI15ffRKHjozpN0nPIPD+E/i/n0yhnCpkyv3JJLHsAojBImLdnLruY7px8VNQxBI2zd9F5pJUDr8BIOj0Wk/0rNHYFQE2Mwi1w+bhFdV82ZoSVnmIAq+ENqPdrUGH5vk0LumQZI4apDb9K/8/6/7oln82g0URfaau3ZsJcHy4BOhpI12FYXrwhdcMCWUKvg04TOPwlF2CUSRcZ3CpUqI+4TE7DoemAp3YRoCxnrOBxjy7EodRZmBcBVCGCW3oeJmcW/cQdCKSJddskj4GVbe7V4Ah1gqutAj8y7pmMOrZ4SMYtZb+1Nl6/OLTiBcy9SBpD8iH1GGNVW50lHsSRzAqxKB/vVB9ylCb3KhgnfNXDsJc5/VIUgcmMp7R1O16BM7sVQ3fZNuJT0ymQtq+CzErUt0x28MOY1p6G9i6kx/D2CyqA7kImLOVAJw087nR0GLvKMZnzHbKzq4hj0MpQsFXL22pmrZ/9xTPB47Oi0iYmaeqdaAZ3CHT7meO1mSOs19FXw53S6XKR2gfZlHRrdT7+EzNU6OuBa4gMgtbxs6IMrFKZcHxjVVaWPfjP8zTY2GrlGezAhaI26iBbInwdGUe2yXdFVIIkwcJ/XaJLQI+HDuuo3rCDDxyElLie1nj/vRkqHO6UEA01RqHYFd92Lqw4BIVguacS/wL1LIepCghsyl0HEq639/OF9WPvQ5hc7tHYdMh4FZH0nnUtxdhMZyhMa9igEIecwVtsE/00RV4FJlAm9AwrHw21ApyNb6Y0FRZejOCwJ//J6baKmb3/BGgcaLW3E/R0MqO8KcV9Ps4s0njvB2uFkc66HVn3cNV03yH5pXWFwcSSpTxUkE59hh/vb7aZDMx54XK2n1wKaO0qCPN28o1BOs5zRatZ9leP7mAFA/uDcIaHdOuJfc0m1e3dBILJ/1S9KsuM8OhbfuG17ahPPx8kzK+kWRH/Id931qK9yp9Tu7I24gKw+qD0wSdSTj8llChvtrwmYBeajEYBnC/xjT8BI5Neq1yep4GBnqyI8Kt3NVznILiW3ld9FG/HVwGw9OpdQCUb1PjwQ1azV4XrmC/mSuk0zx0lCkkrrSe3CPS3+TicwAHNnRXS2liilfsJ4e0gsseXEipaQgmjgGl5UHgy6hcvqR/IHHZQV1UcCjuM2FiTqywu6KGY85O85MorTxbUP+iblCeS779pQYa0iz4EmtF3DA7djequpTlkBxhkm6dKmh8rGbBc8Fq2Rjf/MDcReJW3jceXil4jj3XBlyiMNmz4dqUkJnCv/ulV2K8SpJTajPnzYSatCu0/WdqGwGwn+ivmt37Fgg3ySz72MdsVSXTtxv8YZfk16KhMeJhYEZoGEXw681gGoFxioEwno0f2WAGhpWJ+noKiX/zPs9G2aL6cnUNXSQEw9jJ4Af7wk1uNW+Jx5nnWXWH2cttfcK6YmQL2iIn889FFqmU7LtenSt6vFW0twTRbuZhnj0F0/sh9GYag/0VuAoq1iidHLYSElRDMCzykRSH8tC+oL9RZGmxbbi6zFB+ksy5DLGevgFcX270eo84Ei9t6sVyK07D0Hzv6oDkYdXQY8gcthuOnxfHlehVJ4o7luAWiip/JWL9oXolxvY4jR1u2ZG1opOKK2Bq/KK3DB5XKCH1Z98T+jHqiKZRgNya34axEZV9Aj8LRofnTeq0EDIOsvTqLwiOHyc6qneHHrrfGBSS6El4oH3SFJCrLWuYJGEDzdVlRhmSOlBQgBwOUDU9hJ45GRigxNb9f0dh+jAR+ln4pwNCyuJyKRbwT3zfqx2uajcoT5ifNwFb4Rte6EfQK8Ce6fhzHy5A9J27sAONMnCbZxhPDWwRQUOLHFfvPr2v5dnb7+iYHfCyL+DQbrqSs+BeTOmHxZau0otg4jaNOd6CMWViDv0hx0pDRmp1GsrDlDUTUCwXkCTNY9ScpBem9S19ttq//+jzWALz+YuPDKNfPs5u+xC5hqeDMfWdiztnJjlD15MD33nIxKIY3F4IhCFkbyOtHqgYtS7RUKLQnbdaDxwbayJzLMtI6KY83ghROcHFkd710794juIvC1hbT1DhndupZcMSKWGnKFzHHFqLNKiBJTDT3c73ebmzSadRjOVPrBCwoSyUE1XiPjSYjznpUwqgPv1Sgy2BOxxeoo69eA53CWf/VNLmdgG7MNhvgD0w37I7nHfKOHUfMTh7aENNsqef7SVDgvV8GmxN9HxlIveYmyyB9enXNo4Wsed3AiRzj+9a+mo1y6BL4y5eXvx6hCvSo8V1rFGniOmA1z1nUBRWqjZRmo2KvV9uOaPH+ZlcQXzE5g4C7X2MCxQWoNtoEsDgtLpOytjOia3zMyxP/MjO/csGAMjVJtmHP2Q9Phr0Aj7UDRcFTD6xOWHZmUNdjOmY9meJoZgitpjshJ0OR6dfVFwyDPMVFEJlHd0FIJpsUTMkl6ObgNQP5XqkoxnbXN9asYzfVvKOHfXvLy6UjaJaaBsMwLP4K5kTN4Lg1kN+bVl6mZjFFFDLXdBRuCFhaBE7oFlV+nhkUmIzw17lah+q4HILCPG7ghs2igx4YeQx6Tvh+Ek3KUTQpCsxkUgxntPljSqXcDHvMKe6RZtWBDbst0gtLpP7RB54bRGznUxhMzfEW7JRjrt7eG92iQ/duYFAFuVGQa1CfhAQ2emdZ+803lREtiWn2UhH6PPfBptmlQslbYCjoGpF2wNjat41IqrQK7BSw1dLh6KBpCmo2vk/wA8DPUoN9n2deDIQskwSKrYmPzao/vBr6QGagDRMZm4MWuEwrf136EMyJf6Azzn63L5ZKkG9LeufL7mWu2LYj86HXksw1l8Ul0lC5bV2y8Ejc0uIWEAvy7uREw8JO9LbJw9IdcRf6H/dcD2SvuXKxJJ6I5+yFvv0TeOUsqYbnF6kFh4zH4sQ9sQBAoWs0EbAIMj7Lr4K0wki6R/3K1WCCPRJfBOLnykdo8Gj0pB4wYldKisaAWVnPiW9/qzXqRMygPqfQNc2ZW8XXpEeOXIsX821gDVUv2haDDatzOIW1gyC7z76piTfCDn8btVjZPeIZRNiEt624zA//7KwiVHJ7pXUP3v6Osh6ut/T9eMaoI6KCv1OQbZhs0fcmoxYR32wXG7MCtO1Job/ZJcyYtDuDXa6SFO/gSovT8jtJNatMrSIgQbwSIZRqoabxjMjOtGhFjEfHRdwqPoO5axmag0Ff5U7ZRnotxkjOKykOguY1MuhQ3q1IztMU/Zf1fm6Z6BQzyc0du+6z38gQYsgz+i59k4NQJ8KgwrbxfakYIleSjb8FWBHewXIvio5jGlhNuA9wuslxxPIq1YcOSiRdON1cGxEo808BVSKLHpsEGo4WlmcgZDA4gO33rAS/ipdn8pP3uFftnjxoIPfaiq2WKO3sZXVrzYgbd8+rq1tNozjJ9CLtI/CkjzaV5bcqAuFXzCmF/BCgNhfPDpYQOVUmWEiIcEGu41B5lQqW8gjObNPE7cjpqq2aTV6ECEe1ykZWJ2c3DYamOezx6PalguMcJQlKBEEvo9CjcEbUyFqYyMev7SuV4DOl2+FU2QLOwkS7R9W6AIHjI9wcfjv4JDUQ59U1z5Wv/V0XzPXFpZ16lT7S3uZgVzjRfq9lOyp2B5dw+j30tkHQhJ/D1ZSx/pOnEsyNL53M7UQvpLNsjKQbUP6p37tx/G7K1lN0sDUbFr4DJfftWXgTCIc/2EURZVVx3HbD5gSlBB5aKkzrlVWPI+mYlr+5yAjx4lxBLa4W9yky0onoHobSSqnCMZOC+ZjsF3LQjJleIyrpI/jO5pMXm9a4IedpEtBkEVxLy65zoJRK9tT7TERXDhAuymdscC2SM1Ex895EYEALct4u3jgBqxIIp6RrGMqurb30H/W5yg8sEumxDW0A6K4U/hZ8HMAFQo0PGmet00vD/c28mjI7FDNs1d0/+NFCbiTl0lxpyx9Hp9WDDZTyX+lN0hzTGVBs+hCLaTaachcQ/0sah+zJxwxD+Qp0leP/U5qgXf5eDB9uRFC+y/DRQU0Uzcagqv1kz0Ets6nISMaS45PbTg5bSfKMRibmSdMvBZbcU5qRYsUAtNY+7EfwYtU/9bNSUe2JiEDRxxuLAU40eBQlURbqkWXZTjdDRa0dfbIqhB3f92erMinLPTj+wdIl53ovfsk96oZQX2mggqtTcrYr4Diqt2ArlGOe7vgM+2gfX/BSyDBjR+thbclC5nK+zbcMA9AJpZn13UrepnhBnTNPRhcIKIbPUVbX7hgadpauuBae9NkeKER9K9vBxKHQwjiGImxo/hGMFnTXzXeLyOO8uClp4Lc86DdQ/D6ZsOQ33bHX753PpBi5Dn9H7fnyo5e+kzz2vt390N6T1bGMzqbo9T6OgML/tSieVf+vp00BzPZHo18kH33xkFPb8AXWTGl8IwEyJNF73b9Ued40k/1sO1O+Llr95I647VoyciuI6fdN+hasEFgAhiOBQVq7Y8hAG5hSGBNeuURMuvefbwFjcDyrOD6D6gX6AaQ++FZctbHKV/OldS4CjGGUxNEhB0BqTkYLgSCy/GFh7V4ScG/pej2wkgt+USxLgYazLBx4oeJ4quIpe7NYBTL0bcJQbPqSd3vrrsyp0ye//oklKQBemZteQ2oDPAdVtIBxmfn1a0l1iMsE9jNHr36+v5DVm45nir6lJBgG1UbAe8bHb2W8otAhGg4hvbZNtoMcq9YgGqPEgSkErAaw36x9ySXOHVlgg3J0xzoWWO89kP2ojN4QSrCyNfjiElVWqCsBUhMWyqpOEl4sC6APQfzrNr4o7g14102Mm3qs9KNjmihNKlUH8LhPtycJzc7pFYNgJ02XNyv1pgRGcChL9cJ7HF+cvze5nukkyBfpadHm43e4saS9vXMA3agi6yaq7OQxDFX0XU4uU8w6sqgN/7U/dGKReqn13oJRSdlpwTBRwK1qqDcr10MP0yL0VvEmIsOPt5Dxnk0zEDm5O8kQNIo7wVTDYPAavwNpDzpPzv021mfacotViaCyztXAk71EV5gFagzxG3wp9nJmW7N9VMnQIdwdkrnhQF4DogjJkIt7UIYwiwdHgQXbhCbFr6oD1z/LYQYTUgDdQiH3L+id6c12k1zwrWv6PXPYux8A6oNK+tSjw+PnFhdAZIWsqweTalie19c6q7YvAziBJXmX/T8k3o/K+G1SNhA8c8Fr3si/hq/Rx245JdC8bYUkpaIe7VAYZjRoc987kBn5SUVeixKmhh/gAuzUfoAq+D7/tjbrJ2o5/6sVKkzSeUX+Rw0Cn9wjpTqhlAsv83X2/1aSoLLlYT16BpNLGKSuIbGzxl8LvIDK42vfLZn+XQIOSweJ3YVMNqNbPk85S5tPynJ61xEHMwMecsSPNDRlgBMlk3pRLZT+9LeGl+ZCIdzdMco4nH1yD8v8ps8VeDg5yGwJZzF6VFCIe9Dhj12lN3evOgV3ebSCC8P7HaCdRd1xD+CxoKWC/b0+uWM1M3UV00YESErSYtdIyCC+QO/TOqviJrpSh+U6tP0gJ8mekKfWHixnKUdsqlSCuNBiyT73j1bFo/rnfKVt8Sj5HFQtl1dH4Z59QfFF7lHPpVnJRT4kdGmR0ZkBivlecHbagQhtfGTxucN/+V+LVXxaZUcIhIexLLw8WBVQRd2SL7qolaZWvocZNxiSPzatX1V8YZgJLUUPFiBpZzlsitIqEooDwA3crMwqCJVdlXWlg1PR6n0oKIAihcbUdNhvU9MGGSwOH8x5jbeUaRVjbKRCOAO8jiIT6wBSUNoMiRkTxOywpVudKOjnepbvWNegiN9vP8q3iRjRBSmpSLsp6MN2TQn+LyjqjUBuHpFQfuakyfJD1VD0fsLgb0bC3b45ly2eGMDY5fq4Ll7OcTg8pEs43YlbhUgeC0JRv+tCzz2j6OUAoyPt89chBGNuMXSd7OzKzYdNqglwxL5W3d9yhTenApv8GYTWTWg4tokK5m8NMsm3SeoB3bUdEwN4qJIt8vxs0QHTO0oZlN9ky1f1Z2jfQhFEMjOHXslyxMpYnhecY5SrBodG7Qsjx6WsaRcuAIZejHZFsKi4IaG2Y/q0HwwVp9PwXjMp7bN0pEv12d/mshc6CeLtXVUcPbXBYskOVW78oZZ1Py2M+6gtuEBVZtO1KWqUPhENNKqv2SxxsMuEmuG4pFWS164NvITg7TWSSGoTUWGVumRNWuBhTA0Ngj1/xb+ahUVb8dM5206MuLEnZNa31njVrNyACeXpVbd12ElGegTcQUwuYyuf0oBS+tHI6C/KOU1iNY5D1hEO3zEEDB9DOi1mVWtho9+Omhlp0LgbrKpujzrLMCPHVEkGIjWp9Yl4fG8SX+APzpjwQd0MU1c9qLbEEo88PRVcIuLlJ7WipJ5ybhBP89kLCl1n9kUgI8rvZGdzcOiaRjMytP3ItbPr76TBPiJiwwRZmxCUrcfKTjw7oE+M89xD6bfBpNFrB8cAu48W5VnOGDvouU8ZgdydBPBIbqvjsT0q+ajeJRZvTnV40g2ISOavAcMgLTgSQ19coDviW7+LY49QhpfoNB3TBhrBo1CH4UHtQXxR9a9nKyrhs7510Rwoe4buKy4XvnG096j3pR4WbBV4EWKOHDaA6w9xgxAj++xi3TE5aL4Dcp2f5tQUelwamLEZb7FGYn5LD+SbIa0QEdC7beA16h0GjCcfyfjVqGP/Hm/cvBp+kIhw4dxJbT7wzkk7rWd09z3MTJ1vCCm+FWAL5ZOpGfBBeXDURZZU7LR+29+ELw/doD0/foANdE4hdOVpQJ06WIRg4O+P6G9oxqUiQpAfpXBIR6sin5jA9sDPQi/PE0wgGTQtnXaBzFGI9O5LdV22orOXCHVy2IqslkEPzcHF2ftXtjXPGEa34S7ZQnZkWADFM4Nysiwf0NwraiuUa9wIJwQkuyxuaQvit1pIjzBQMVAeirZarRxO2k0bK3UvFZ9RBkCvvAuX5stI52HIUcJKkCFnCj71gbT+Vb/d9Wx2qKEOmMd+zNMyLeWtFoEvBG37NCehMCrS7XFdNf2UfrVZTIiTS2fTC8uHFyB4lCiuvFf5KbdeDdZqVcSeSeITgsap6Qpp9aKSH7amepkOpYNgaP/OWj8Syx9wbI7HT0D9VuNTPwKCRTMYjf/jXBdtg2vKr4E/X/sY7CCgKsAc/0fAoxLNPaeRtY= X-IPAS-Result: A2B9BABUk6Nb/wHyM5BbHAEBAQQBAQoBAYNVA4EIXCiMZ4tRgWiCfpQJgVgxEwGFBIJ+IUwBAwEBAQEBAQIBbBwMgjUkgmADAwECJBMGAQEMIAwCAwkBATcJCAgDAS0UAREGAQcFBgIBAQEYBIMAgWoDFQOYU4ocgWozgnUBAQWBBAEBdYJEA4JRCBeKWBeCAIESJwyCMYRnEgESAV6FGYhIhS9BMY4HCYIMjhIdWIg5hhGObIdiIWRxTSMVO4JsghkMF4NGihwBVU97AQGKOoI9AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Sep 2018 12:33:54 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8KCXrLb025477; Thu, 20 Sep 2018 08:33:53 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8K0K0Dr024195 for ; Wed, 19 Sep 2018 20:20:00 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8K0K09S020725 for ; Wed, 19 Sep 2018 20:20:00 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1BzAAB15qJbly0bGNZcHAEBAQQBAQoBAYNVgWcog3OIdItSgWAIgn6UCIFmhHcCQoJ5IUwBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAhEVAgJFEgYBDAYCAQGDHYFqAxUDmXGKHG97M4J1AQEFgQQBAXWCSwOCUQgXdIliF4IAgRInDIIxhGeBBIJCgleIQ4UtQTGNfAmCDI4RHViINoYMjmqHYIF2TSMVO4JsghkMDgmDRYocAVVPjWwBAQ X-IPAS-Result: A1BzAAB15qJbly0bGNZcHAEBAQQBAQoBAYNVgWcog3OIdItSgWAIgn6UCIFmhHcCQoJ5IUwBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQEBOA8lAhEVAgJFEgYBDAYCAQGDHYFqAxUDmXGKHG97M4J1AQEFgQQBAXWCSwOCUQgXdIliF4IAgRInDIIxhGeBBIJCgleIQ4UtQTGNfAmCDI4RHViINoYMjmqHYIF2TSMVO4JsghkMDgmDRYocAVVPjWwBAQ X-IronPort-AV: E=Sophos;i="5.53,396,1531800000"; d="scan'208";a="373913" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 19 Sep 2018 20:20:00 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BqAAC15qJbly0bGNZcHAEBAQQBAQoBAYNVgWcog3OIdItSgWAIgn6UCIFmhHcCQoJ5IUwBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCERUCAkUSBgEMBgIBAYMdgWoDFQOZcoocb3szgnUBAQWBBAEBdYJLA4JRCBd0iWIXggCBEicMgjGEZ4EEgkKCV4hDhS1BMY18CYIMjhEdWIg2hgyOaodggXZNIxU7gmyCGQwOCYNFihwBVU+NbAEB X-IPAS-Result: A0BqAAC15qJbly0bGNZcHAEBAQQBAQoBAYNVgWcog3OIdItSgWAIgn6UCIFmhHcCQoJ5IUwBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSSCYAMDIwQZAQE4DyUCERUCAkUSBgEMBgIBAYMdgWoDFQOZcoocb3szgnUBAQWBBAEBdYJLA4JRCBd0iWIXggCBEicMgjGEZ4EEgkKCV4hDhS1BMY18CYIMjhEdWIg2hgyOaodggXZNIxU7gmyCGQwOCYNFihwBVU+NbAEB X-IronPort-AV: E=Sophos;i="5.53,396,1531785600"; d="scan'208";a="18452107" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Sep 2018 00:19:59 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;819eb3aa-b83c-424e-ba94-598a3da7f8ec Authentication-Results: UPDC3CPA11.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-18.consmr.mail.bf2.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 45575540|UPDC3CPA11_EEMSG_MP27.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 74.6.128.41 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DYAABB5qJbhimABkpcHAEBAQQBAQoBAYFTg2kog3OIdI0yCIJ+lAiBZoR3AkKCeRkGBjMVAQMBAQEBAQEBAQETAQEBCAsLCBsOIwyCNSSCYAMDIwQZAQE4DyUCERUCAkUSBgEMBgIBAYMdgWoDFZl4ihxvezOCdQEBBYEEAQF1gksDglEIF3SJeYIAgRInDIIxhGeBBIJCgleIQ4UtQTGNfAmCDI4RHViINoYMjmqHX4F3TSMVO4JsghkMDgmDRYocAVUfMI1sAQE X-IPAS-Result: A0DYAABB5qJbhimABkpcHAEBAQQBAQoBAYFTg2kog3OIdI0yCIJ+lAiBZoR3AkKCeRkGBjMVAQMBAQEBAQEBAQETAQEBCAsLCBsOIwyCNSSCYAMDIwQZAQE4DyUCERUCAkUSBgEMBgIBAYMdgWoDFZl4ihxvezOCdQEBBYEEAQF1gksDglEIF3SJeYIAgRInDIIxhGeBBIJCgleIQ4UtQTGNfAmCDI4RHViINoYMjmqHX4F3TSMVO4JsghkMDgmDRYocAVUfMI1sAQE Received: from sonic304-18.consmr.mail.bf2.yahoo.com ([74.6.128.41]) by UPDC3CPA11.eemsg.mail.mil with ESMTP; 20 Sep 2018 00:19:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1537402792; bh=1lkAfvD2bde2GkI0xlwOB5zymN2wW6RNq50ZvnG5XGE=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject; b=TVcPSt3BB4MqIU8EaED2lXI+dSpS04/kZRvFZEYTpSxY2rTLDie6nAo355MPtxS+saBl9uy9trIraek6Kc2fvCEqVi4yU7GyVu/8mFhwWvjHcvPEX+3G3QsRSYocw+NajcZhXbFWrqCp3ZdfuF+clA7Z2Ly+HcJI2CJx6EHrK/LqwBupJKIzr6ioZni23O3H/ZH7d6oA12oTuzpJ2882ulU4aEpBqcKlBThRcsBGlpk2AjbUlBJ7uSjOPPmU5ltBfgVHGqwHRLh1RvWEj5ipUbaKKBIH3xF6IiERW6t8B6Y74Ssh4tCGIuDeIxxxQoxQi5JEQL074R1uFSNxwULdmA== X-YMail-OSG: vr9inm8VM1lBKo0G9TYdpm62nVopBMWEDEqUVZfBQueNRA_hUjhokiC_JP0pH4A BQlIM6BaAG7E7PddjXYy64h03hcgZFFkvMWTIRw8v4yTjFjX_jw0eTaCdBcQTGbsDEJK8sX.mYi0 FqDXyB2werDloPh.Q1MacRqbKIlIpHlBnWm6ZmvkUQkMeaGRKMLQRmoOZy.b.aISStx._5O21Js9 G07YMek151vUy_b6x3U_vhbsDeR5DMAmJVl1VKTk.5IdBbThWRlrRNRMvl2jZSQxCCIAHh.t5mRq CSyfQNxqsHNRpDxqLChl0LH75.d7BwH_Qc046J3_EZzD0mFtXolC6F3UyTumAxZl2js3SVdE7OKV fejBnLiW_4kVIQWKyBfpkRfCPKrgGpIR3Y4O_n91X33SFwNwRCHZ.niPf7eY9NdxaRS9BD7VjTkz GFDgykMnzcWXW21B0NkWQFv1e22Yd3rUjBGUCtoo97gm.9_RDMQB6r9U.VLKHpXwA2HdSCVwmvks rY.x7vq08qGjsi6.KI1OGhg4yJFERmDzL4vlkm.3UGLxDUZfmBty2rM86HfImmOFQnUY0MfSHq7M eEohBuFLMRDR2tAj3vguNv5G6tV17cJNafw2TLbba9c5zM4AlmOxaVdbtTFcmU8s2SHgd7DTR5wF _D3Ralzx46WaR8RSJZdvej0yi9Xd7ReldELNRaW9UwBHDnWXamICGfExgeuk_8lXRd2CjeN9InsL Iuu6kbKTOwJwOel8I012W7z1K73NJJYzADkDFtvtPxdCILWVt.qdOOG2xeWkC9M1SY8KjyHQmMlW WsWEe4oRCmaRHPt5uP3cFQEDbt4w2AjmqtyyY4sM7ZWmDcxdnZgqx7YpGswc_mJQML6t1ZTUsRyb JXkRtqn8IkTQXB_CSX5aHMR_0P3StpOBGaV8Knn1b3EieB1jBQw_e7YZscnc_9AI8RIRnt3Fnk8D _eT3VsLnPfhoOZ2Iz3rJObAAD53lWHGQ4AMWoi5Tr.dkutB6Dfq_Xx5eJywytUsegIGvM8AfM55X K.KZisl0H2o2o8ryjEosqIj3JD634EEWL Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.bf2.yahoo.com with HTTP; Thu, 20 Sep 2018 00:19:52 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp412.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 7251079eb10e14a212909245eedd14f0; Thu, 20 Sep 2018 00:19:50 +0000 (UTC) To: LSM , James Morris , SE Linux , LKLM , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Salvatore Mesoraca References: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Wed, 19 Sep 2018 17:19:47 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <748c61cb-b6fa-c36d-a7b3-2315ff6292af@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Thu, 20 Sep 2018 08:30:05 -0400 Subject: [PATCH v3 02/16] Smack: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Smack: Abstract use of cred security blob Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/smack/smack.h | 17 +++++++++-- security/smack/smack_access.c | 4 +-- security/smack/smack_lsm.c | 57 +++++++++++++++++------------------ security/smack/smackfs.c | 18 +++++------ 4 files changed, 53 insertions(+), 43 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index f7db791fb566..01a922856eba 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -356,6 +356,11 @@ extern struct list_head smack_onlycap_list; #define SMACK_HASH_SLOTS 16 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; +static inline struct task_smack *smack_cred(const struct cred *cred) +{ + return cred->security; +} + /* * Is the directory transmuting? */ @@ -382,13 +387,19 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) return tsp->smk_task; } -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) +static inline struct smack_known *smk_of_task_struct( + const struct task_struct *t) { struct smack_known *skp; + const struct cred *cred; rcu_read_lock(); - skp = smk_of_task(__task_cred(t)->security); + + cred = __task_cred(t); + skp = smk_of_task(smack_cred(cred)); + rcu_read_unlock(); + return skp; } @@ -405,7 +416,7 @@ static inline struct smack_known *smk_of_forked(const struct task_smack *tsp) */ static inline struct smack_known *smk_of_current(void) { - return smk_of_task(current_security()); + return smk_of_task(smack_cred(current_cred())); } /* diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 9a4c0ad46518..489d49a20b47 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -275,7 +275,7 @@ int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known, int smk_curacc(struct smack_known *obj_known, u32 mode, struct smk_audit_info *a) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_tskacc(tsp, obj_known, mode, a); } @@ -635,7 +635,7 @@ DEFINE_MUTEX(smack_onlycap_lock); */ bool smack_privileged_cred(int cap, const struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *skp = tsp->smk_task; struct smack_known_list_elem *sklep; int rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 340fc30ad85d..68ee3ae8f25c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -122,7 +122,7 @@ static int smk_bu_note(char *note, struct smack_known *sskp, static int smk_bu_current(char *note, struct smack_known *oskp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (rc <= 0) @@ -143,7 +143,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp, #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_task(struct task_struct *otp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *smk_task = smk_of_task_struct(otp); char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -165,7 +165,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_inode(struct inode *inode, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -195,7 +195,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_file(struct file *file, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -225,7 +225,7 @@ static int smk_bu_file(struct file *file, int mode, int rc) static int smk_bu_credfile(const struct cred *cred, struct file *file, int mode, int rc) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -429,7 +429,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, } rcu_read_lock(); - tsp = __task_cred(tracer)->security; + tsp = smack_cred(__task_cred(tracer)); tracer_known = smk_of_task(tsp); if ((mode & PTRACE_MODE_ATTACH) && @@ -496,7 +496,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) int rc; struct smack_known *skp; - skp = smk_of_task(current_security()); + skp = smk_of_task(smack_cred(current_cred())); rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); return rc; @@ -913,7 +913,7 @@ static int smack_sb_statfs(struct dentry *dentry) static int smack_bprm_set_creds(struct linux_binprm *bprm) { struct inode *inode = file_inode(bprm->file); - struct task_smack *bsp = bprm->cred->security; + struct task_smack *bsp = smack_cred(bprm->cred); struct inode_smack *isp; struct superblock_smack *sbsp; int rc; @@ -1744,7 +1744,7 @@ static int smack_mmap_file(struct file *file, return -EACCES; mkp = isp->smk_mmap; - tsp = current_security(); + tsp = smack_cred(current_cred()); skp = smk_of_current(); rc = 0; @@ -1840,7 +1840,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { struct smack_known *skp; - struct smack_known *tkp = smk_of_task(tsk->cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); struct file *file; int rc; struct smk_audit_info ad; @@ -1888,7 +1888,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); ssp = sock->sk->sk_security; - tsp = current_security(); + tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the * passed socket or if the passed socket can't @@ -1930,7 +1930,7 @@ static int smack_file_receive(struct file *file) */ static int smack_file_open(struct file *file) { - struct task_smack *tsp = file->f_cred->security; + struct task_smack *tsp = smack_cred(file->f_cred); struct inode *inode = file_inode(file); struct smk_audit_info ad; int rc; @@ -1977,7 +1977,7 @@ static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void smack_cred_free(struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_rule *rp; struct list_head *l; struct list_head *n; @@ -2007,7 +2007,7 @@ static void smack_cred_free(struct cred *cred) static int smack_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - struct task_smack *old_tsp = old->security; + struct task_smack *old_tsp = smack_cred(old); struct task_smack *new_tsp; int rc; @@ -2038,15 +2038,14 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, */ static void smack_cred_transfer(struct cred *new, const struct cred *old) { - struct task_smack *old_tsp = old->security; - struct task_smack *new_tsp = new->security; + struct task_smack *old_tsp = smack_cred(old); + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = old_tsp->smk_task; new_tsp->smk_forked = old_tsp->smk_task; mutex_init(&new_tsp->smk_rules_lock); INIT_LIST_HEAD(&new_tsp->smk_rules); - /* cbs copy rule list */ } @@ -2057,12 +2056,12 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) * * Sets the secid to contain a u32 version of the smack label. */ -static void smack_cred_getsecid(const struct cred *c, u32 *secid) +static void smack_cred_getsecid(const struct cred *cred, u32 *secid) { struct smack_known *skp; rcu_read_lock(); - skp = smk_of_task(c->security); + skp = smk_of_task(smack_cred(cred)); *secid = skp->smk_secid; rcu_read_unlock(); } @@ -2076,7 +2075,7 @@ static void smack_cred_getsecid(const struct cred *c, u32 *secid) */ static int smack_kernel_act_as(struct cred *new, u32 secid) { - struct task_smack *new_tsp = new->security; + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = smack_from_secid(secid); return 0; @@ -2094,7 +2093,7 @@ static int smack_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_smack *isp = inode->i_security; - struct task_smack *tsp = new->security; + struct task_smack *tsp = smack_cred(new); tsp->smk_forked = isp->smk_inode; tsp->smk_task = tsp->smk_forked; @@ -2278,7 +2277,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, * specific behavior. This is not clean. For one thing * we can't take privilege into account. */ - skp = smk_of_task(cred->security); + skp = smk_of_task(smack_cred(cred)); rc = smk_access(skp, tkp, MAY_DELIVER, &ad); rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); return rc; @@ -3605,7 +3604,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) */ static int smack_setprocattr(const char *name, void *value, size_t size) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; struct smack_known *skp; struct smack_known_list_elem *sklep; @@ -3646,7 +3645,7 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (new == NULL) return -ENOMEM; - tsp = new->security; + tsp = smack_cred(new); tsp->smk_task = skp; /* * process can change its label only once @@ -4291,7 +4290,7 @@ static void smack_inet_csk_clone(struct sock *sk, static int smack_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) { - struct smack_known *skp = smk_of_task(cred->security); + struct smack_known *skp = smk_of_task(smack_cred(cred)); key->security = skp; return 0; @@ -4322,7 +4321,7 @@ static int smack_key_permission(key_ref_t key_ref, { struct key *keyp; struct smk_audit_info ad; - struct smack_known *tkp = smk_of_task(cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(cred)); int request = 0; int rc; @@ -4591,7 +4590,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) return -ENOMEM; } - tsp = new_creds->security; + tsp = smack_cred(new_creds); /* * Get label from overlay inode and set it in create_sid @@ -4619,8 +4618,8 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, const struct cred *old, struct cred *new) { - struct task_smack *otsp = old->security; - struct task_smack *ntsp = new->security; + struct task_smack *otsp = smack_cred(old); + struct task_smack *ntsp = smack_cred(new); struct inode_smack *isp; int may; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index f6482e53d55a..9d2dde608298 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2208,14 +2208,14 @@ static const struct file_operations smk_logging_ops = { static void *load_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2262,7 +2262,7 @@ static int smk_open_load_self(struct inode *inode, struct file *file) static ssize_t smk_write_load_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_FIXED24_FMT); @@ -2414,14 +2414,14 @@ static const struct file_operations smk_load2_ops = { static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2467,7 +2467,7 @@ static int smk_open_load_self2(struct inode *inode, struct file *file) static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_LONG_FMT); @@ -2681,14 +2681,14 @@ static const struct file_operations smk_syslog_ops = { static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_relabel); } static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_relabel); } @@ -2736,7 +2736,7 @@ static int smk_open_relabel_self(struct inode *inode, struct file *file) static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char *data; int rc; LIST_HEAD(list_tmp);