Use LSM for more secure Linux

Source: Internet
Author: User

LSM is short for Linux Security Modules. It is a framework built into the Linux kernel to support more flexible security policies. Although it sounds complicated, it can be understood as a set of hook functions embedded in the kernel plus some reserved fields in the kernel data structures, called security domains. Let's first talk about the framework.

The traditional Linux permission mechanism gives the system a reasonable level of security, but several problems are hidden beneath it:

1. The permission granularity is too coarse. Anyone who has used Linux will be familiar with access permission settings such as 0644. They restrict which users can operate on the file, but only at the level of owner, group and everyone else; there is no further subdivision. Of course, if LSM were used only to address this, it would be rather pointless, because finer-grained control over a file can already be done very well with ACLs. By the way, ACLs have an allocation limit, so anyone who needs ACLs for finer-grained access permission control should pay attention to this.

2. The root user has too many permissions. In Linux, root is supreme: it has full control of the machine and can do whatever it wants. However, in many cases we may not want root to have such powers. For example, with the popular cloud storage services, users certainly do not want the service provider to read their files at will; in that case, the root user itself needs to be restricted.

Because of these problems, enhancement patches such as SELinux (Security-Enhanced Linux) emerged. However, each system has different security requirements, so Linus Torvalds proposed that the Linux kernel should have a single security framework acceptable to all of them to support these security policies. Such a framework should provide transparent security fields in the kernel data structures and security hooks used to control and maintain the operations on those fields. This is how LSM came into being.

The position of LSM in the kernel can be represented by the following figure (note: this figure was obtained from the Internet and is used directly because it clearly shows the position of LSM; I do not know its original source. If this infringes on your rights and interests, please let me know and I will delete it immediately. Thank you, haha):

When a user-space program calls a function provided by the operating system, such as read(), it corresponds to a system call in the kernel. The kernel first performs some common error checks, then the DAC (Discretionary Access Control) check, and only then the LSM check. From this it can be seen that LSM is a very low-level security policy framework: using LSM, one can place checks on every system call. In this way we can control the permissions of all users, including root, and achieve finer-grained access control.

When the system is initialized, LSM is an empty framework that performs no checks: all its hooks simply return 0 (apart, of course, from the few that have no return value). However, we can write an LSM according to our specific needs and register the hook functions we have written with the kernel through the data structure struct security_operations. From then on, our LSM checks take effect.

In the following article, part of a project that restricts the root user's access permissions to some files is used to describe the LSM framework in more detail. Of course, I am a little confused myself, so please kindly advise me. Thank you, haha
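As an added illustration (not code from the original article, and not kernel code), the following user-space C program models the check order described above: generic error checks, then DAC, then an LSM hook looked up from a table of function pointers modelled on struct security_operations. The default hook simply returns 0, as in the empty framework; registering a module's hook table makes its check take effect. The demo module denies root access to files under a constructed path /srv/private/, which is the kind of restriction the project mentioned above aims at. One caveat the model makes visible: because the LSM hook runs after DAC, a module can only deny further, never grant what DAC already refused. The names lsm_ops, dac_check, sys_open_check, register_security, the sample users and the sample files are all assumptions made for this example.

```c
/* Added example: a user-space model of the kernel's check order
 * (generic checks -> DAC -> LSM hook). Not kernel code: lsm_ops,
 * dac_check, sys_open_check and register_security are simplified
 * stand-ins for the kernel's own structures and functions. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAY_WRITE 0x2
#define MAY_READ  0x4

/* Minimal models of a calling process and of a file's inode. */
struct task  { unsigned uid, gid; };
struct inode { const char *path; unsigned uid, gid; unsigned mode; };

/* Hook table, modelled on struct security_operations: one function
 * pointer per security-relevant operation (only one hook is modelled). */
struct lsm_ops {
    const char *name;
    int (*file_permission)(const struct task *t, const struct inode *i, int mask);
};

/* The empty framework: the default hook checks nothing and returns 0. */
static int default_file_permission(const struct task *t, const struct inode *i, int mask)
{
    (void)t; (void)i; (void)mask;
    return 0;
}

static struct lsm_ops current_ops = { "default", default_file_permission };

/* Install a module's hook table; afterwards its checks take effect. */
int register_security(struct lsm_ops *ops)
{
    if (!ops || !ops->file_permission)
        return -EINVAL;
    current_ops = *ops;
    return 0;
}

/* DAC: the classic owner/group/other mode bits such as 0644.
 * uid 0 bypasses the bits entirely, which is the "root has too many
 * permissions" problem the article describes. */
static int dac_check(const struct task *t, const struct inode *i, int mask)
{
    unsigned bits;
    if (t->uid == 0)
        return 0;
    if (t->uid == i->uid)
        bits = (i->mode >> 6) & 7;
    else if (t->gid == i->gid)
        bits = (i->mode >> 3) & 7;
    else
        bits = i->mode & 7;
    return ((bits & (unsigned)mask) == (unsigned)mask) ? 0 : -EACCES;
}

/* Model of the syscall path: generic error checks, then DAC, then LSM.
 * Because the hook runs last, a module can only deny further; it can
 * never grant access that DAC already refused. */
int sys_open_check(const struct task *t, const struct inode *i, int mask)
{
    int rc;
    if (!t || !i || mask == 0 || (mask & ~(MAY_READ | MAY_WRITE)))
        return -EINVAL;
    rc = dac_check(t, i, mask);
    if (rc)
        return rc;
    return current_ops.file_permission(t, i, mask);
}

/* Demo module: deny root (uid 0) any access to files under the
 * constructed path prefix /srv/private/. */
static int deny_root_private(const struct task *t, const struct inode *i, int mask)
{
    (void)mask;
    if (t->uid == 0 && strncmp(i->path, "/srv/private/", 13) == 0)
        return -EACCES;
    return 0;
}

struct lsm_ops demo_ops = { "deny_root_private", deny_root_private };

/* Constructed sample principals and files for the demonstration. */
const struct task  ROOT  = { 0, 0 };
const struct task  ALICE = { 1000, 1000 };
const struct inode PRIVATE_FILE = { "/srv/private/keys.db", 0, 0, 0600 };
const struct inode ALICE_NOTES  = { "/home/alice/notes.txt", 1000, 1000, 0644 };

static void show(const char *who, const struct task *t, const struct inode *i, int mask)
{
    int rc = sys_open_check(t, i, mask);
    printf("%-5s %-5s %-22s -> %s\n", who, (mask & MAY_WRITE) ? "write" : "read",
           i->path, rc == 0 ? "allowed" : rc == -EACCES ? "EACCES" : "EINVAL");
}

int main(void)
{
    puts("before registering a module (empty LSM framework):");
    show("root", &ROOT, &PRIVATE_FILE, MAY_READ);   /* allowed: DAC lets root through */
    show("alice", &ALICE, &PRIVATE_FILE, MAY_READ); /* EACCES from DAC */

    register_security(&demo_ops);
    puts("after registering deny_root_private:");
    show("root", &ROOT, &PRIVATE_FILE, MAY_READ);   /* EACCES from the LSM hook */
    show("root", &ROOT, &ALICE_NOTES, MAY_WRITE);   /* still allowed */
    return 0;
}
```

Running the program shows root reading the private file before registration and being refused after it, while alice's result never changes: her read of the private file is already refused by DAC, which the hook cannot override, and her own files are untouched by a module that only looks at uid 0.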
