| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Mar 2013 19:35:18 +0800
From: dingtianhong <dingtianhong@...wei.com>
To: Eric Dumazet <eric.dumazet@...il.com>
CC: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, <netdev@...r.kernel.org>,
Li Zefan <lizefan@...wei.com>, Xinwei Hu <huxinwei@...wei.com>
Subject: Re: [Eulerkernel] [PATCH] af_unix: dont send SCM_CREDENTIAL when
dest socket is NULL
On 2013/3/26 12:32, Eric Dumazet wrote:
> On Tue, 2013-03-26 at 11:08 +0800, dingtianhong wrote:
>> On 2013/3/25 22:04, Eric Dumazet wrote:
>>> On Mon, 2013-03-25 at 18:28 +0800, dingtianhong wrote:
>>>> SCM_SCREDENTIALS should apply to write() syscalls only either source or destination
>>>> socket asserted SOCK_PASSCRED. The original implememtation in maybe_add_creds is wrong,
>>>> and breaks several LSB testcases ( i.e. /tset/LSB.os/netowkr/recvfrom/T.recvfrom).
>>>>
>>>> Origionally-authored-by: Karel Srot <ksrot@...hat.com>
>>>> Signed-off-by: Ding Tianhong <dingtianhong@...wei.com>
>>>> ---
>>>> net/unix/af_unix.c | 4 ++--
>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
>>>> index 51be64f..99189fd 100644
>>>> --- a/net/unix/af_unix.c
>>>> +++ b/net/unix/af_unix.c
>>>> @@ -1413,8 +1413,8 @@ static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
>>>> if (UNIXCB(skb).cred)
>>>> return;
>>>> if (test_bit(SOCK_PASSCRED, &sock->flags) ||
>>>> - !other->sk_socket ||
>>>> - test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
>>>> + (other->sk_socket &&
>>>> + test_bit(SOCK_PASSCRED, &other->sk_socket->flags))) {
>>>> UNIXCB(skb).pid = get_pid(task_tgid(current));
>>>> UNIXCB(skb).cred = get_current_cred();
>>>> }
>>>
>>> I am not sure why adding credentials if other->sk_socket is NULL could
>>> break an application ?
>> The bugzilla has report the bug:https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=3523
>>
>
> OK
>
>>>
>>> This was the case before commit introducing this code.
>>
>> The commit 16e5726269(af_unix: dont send SCM_CREDENTIALS by default) may introducing the problem.
>>
>
> So the problem is that two messages have different credentials,
> because other->sk_socket changed between first and second message.
>
> and unix_stream_recvmsg() has the following check :
>
> if (check_creds) {
> /* Never glue messages from different writers */
> if ((UNIXCB(skb).pid != siocb->scm->pid) ||
> (UNIXCB(skb).cred != siocb->scm->cred))
> break;
> } else {
> /* Copy credentials */
> scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
> check_creds = 1;
> }
>
> In the case the receiver doesnt care at all (using recvfrom(), not recvmsg()),
> we probably should not even call scm_set_creds() and avoid extra refcounting.
>
I think if not call scm_set_creds(), the credential would useles in recvmsg().
we could remove code:
if (check_creds) {
/* Never glue messages from different writers */
if ((UNIXCB(skb).pid != siocb->scm->pid) ||
(UNIXCB(skb).cred != siocb->scm->cred))
break;
} else {
/* Copy credentials */
scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
check_creds = 1;
}
>
>
>
> .
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists