| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Aug 2012 21:05:46 -0700 (PDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: eparis@...isplace.org, paul@...l-moore.com, casey@...aufler-ca.com, johnstul@...ibm.com, serge@...lyn.com, linux-kernel@...r.kernel.org, james.l.morris@...cle.com, selinux@...ho.nsa.gov, john.johansen@...onical.com, linux-security-module@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] ipv4: tcp: unicast_sock should not land outside of TCP stack From: Eric Dumazet <eric.dumazet@...il.com> Date: Fri, 10 Aug 2012 01:56:06 +0200 > From: Eric Dumazet <edumazet@...gle.com> > > commit be9f4a44e7d41cee (ipv4: tcp: remove per net tcp_sock) added a > selinux regression, reported and bisected by John Stultz > > selinux_ip_postroute_compat() expect to find a valid sk->sk_security > pointer, but this field is NULL for unicast_sock > > It turns out that unicast_sock are really temporary stuff to be able > to reuse part of IP stack (ip_append_data()/ip_push_pending_frames()) > > Fact is that frames sent by ip_send_unicast_reply() should be orphaned > to not fool LSM. > > Note IPv6 never had this problem, as tcp_v6_send_response() doesnt use a > fake socket at all. I'll probably implement tcp_v4_send_response() to > remove these unicast_sock in linux-3.7 > > Reported-by: John Stultz <johnstul@...ibm.com> > Bisected-by: John Stultz <johnstul@...ibm.com> > Signed-off-by: Eric Dumazet <edumazet@...gle.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists