Date: Wed, 21 Jul 2010 11:45:09 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: penguin-kernel@...ove.SAKURA.ne.jp
Cc: kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net, paul.moore@...com, netdev@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH] LSM: Add post recvmsg() hook.

From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Date: Sat, 17 Jul 2010 10:17:10 +0900

> NETWORKING [IPv4/IPv6] maintainers and Paul, is below patch fine for you?

Unfortunately, after further consideration, I must reject this patch and also the post accept() LSM hook one. Sorry.

I looked into history of the discussions on this issue, and I have found that the core issue with these hooks has not been addressed.

We must ensure that if:

1) Application makes poll() on UDP socket in blocking mode, and UDP reports that receive data is available

and

2) Application, after such a poll() call, makes a blocking recvmsg() call and no other activity has occurred on the socket meanwhile

Then we MUST return immediately with that available data.

This LSM hook, when it triggers, can violate this rule, even if you do this looping thing.

The post accept() hook has the same problems.

Here is where we originally discussed this, in detail:

http://www.spinics.net/lists/netdev/msg95660.html

Therefore, I think this shows that what Tomoyo is trying to do is fatally flawed.

We brought this fundamental issue up to you about a year ago, and the issue is still not addressed.

So consider very seriously, that what you are trying to do cannot be performed without breaking applications and API behavioral expectations.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
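The poll()/recvmsg() expectation described in the message above, as an added example that is not part of the original message or of any kernel patch. The function name and the `discard_after_poll` switch are hypothetical; the switch models, as an assumption, a post-receive check that throws away the datagram poll() already announced.

```c
/* Added example: poll()-then-recvmsg() on a loopback UDP socket.
 * discard_after_poll is a hypothetical user-space stand-in for a check that
 * discards the polled datagram; it is not kernel or LSM code. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns bytes delivered to the application, or -errno on failure. */
int poll_then_recv(int discard_after_poll)
{
    struct sockaddr_in addr = { .sin_family = AF_INET };
    socklen_t alen = sizeof(addr);
    char buf[64], scratch[64];
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    struct pollfd pfd = { .events = POLLIN };
    int ret, rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);

    if (rx < 0 || tx < 0) { ret = -errno; goto out; }
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (bind(rx, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(rx, (struct sockaddr *)&addr, &alen) < 0 ||
        sendto(tx, "ping", 4, 0, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        ret = -errno; goto out;
    }
    pfd.fd = rx;
    /* Condition 1: poll() reports that receive data is available. */
    if (poll(&pfd, 1, 1000) != 1 || !(pfd.revents & POLLIN)) { ret = -ETIMEDOUT; goto out; }
    if (discard_after_poll)   /* modeled rejection: the datagram vanishes */
        (void)recv(rx, scratch, sizeof(scratch), 0);
    /* Condition 2: the application's recvmsg(). MSG_DONTWAIT is used only so
     * the demo cannot hang; -EAGAIN means a blocking call would have slept. */
    ret = (int)recvmsg(rx, &msg, MSG_DONTWAIT);
    if (ret < 0) ret = -errno;
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return ret;
}

int main(void)
{
    printf("contract kept:      %d\n", poll_then_recv(0));
    printf("datagram discarded: %d\n", poll_then_recv(1));
    return 0;
}
```

In the second case the application saw POLLIN and nothing else touched the socket from its point of view, yet a blocking recvmsg() would sleep until another datagram arrived.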