The NSA Is Looking At Systemd's KDBUS

Written by Michael Larabel in Linux Kernel on 10 July 2015 at 09:16 AM EDT. 35 Comments
LINUX KERNEL
The latest "news tip" is from a Phoronix reader who expressed "concerns" that at least one NSA security analyst is going through the code for KDBUS, the systemd-backed in-kernel IPC mechanism that's planning for integration in Linux 4.3.

While it's true that an NSA analyst sent out an email about KDBUS security, it hopefully shouldn't raise any alarm bells. The thread in question is about credential faking for KDBUS and why it's even there. Stephen Smalley of the NSA was asking why there's support for credential faking for this soon-to-be-in-kernel code while it wasn't part of the original D-Bus daemon in user-space. The preference of Stephen Smalley is to actually get rood of this functionality that could be abused.

It turns out this credential faking is needed for Dbus1 compatibility in part for faking meta-data. David Herrmann explained:
To be clear, faking metadata has one use-case, and one use-case only: dbus1 compatibility

In dbus1, clients connect to a unix-socket placed in the file-system hierarchy. To avoid breaking ABI for old clients, we support a unix-kdbus proxy. This proxy is called systemd-bus-proxyd. It is spawned once for each bus we proxy and simply remarshals messages from the client to kdbus and vice versa.

With dbus1, clients can ask the dbus-daemon for the seclabel of a peer they talk to. They're free to use this information for any purpose. On kdbus, we want to be compatible to dbus-daemon. Therefore, if a native client queries kdbus for the seclabel of a peer behind a proxy, we want that query to return the actual seclabel of the peer, not the seclabel of the proxy. Same applies to PIDS and CREDS.

This faked metadata is never used by the kernel for any security decisions. It's sole purpose is to return them if a native kdbus client queries another peer. Furthermore, this information is never transmitted as send-time metadata (as it is, in no way, send-time metadata), but only if you explicitly query the connection-time metadata of a peer (KDBUS_CMD_CONN_INFO).

Stephen Smalley is part of the Trusted Systems Research Group at the NSA. He's long been involved with SELinux (Security Enhanced Linux) while more recently is also part of the NSA's Security Enhanced Android (SEAndroid) project. All in all, this really shouldn't be worrisome or news worthy, unless you're wearing a tin hat.
35 Comments
Related News
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.9-rc4 Brings More Bcachefs Fixes, Native BHI Mitigation
Linux 6.10 To Account For NUMA Node When Allocating Per-CPU Cpumasks
Linux 6.10 SLUB Optimization To Reduce Memory Consumption In Extreme Scenarios
Linux 6.8.5 & Other Stable Kernel Updates Due To Native BHI Vulnerability
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Open-Source Radeon Driver Enables Support For Vulkan Video H.264/H.265 Encode
Ubuntu 24.04 Beta Now Available For Testing