lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 26 Jul 2006 16:50:40 -0400
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	Catherine Zhang <cxzhang@...son.ibm.com>
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	jmorris@...ei.org, davem@...emloft.net, catalin.marinas@...il.com,
	michal.k.k.piotrowski@...il.com, czhang.us@...il.com
Subject: Re: RFC: kernel memory leak fix for af_unix datagram getpeersec

On Wed, 2006-07-26 at 16:19 -0400, Catherine Zhang wrote:
> diff -puN include/net/scm.h~af_unix-datagram-getpeersec-ml-fix include/net/scm.h
> --- linux-2.6.18-rc2/include/net/scm.h~af_unix-datagram-getpeersec-ml-fix	2006-07-22 21:28:21.000000000 -0400
> +++ linux-2.6.18-rc2-cxzhang/include/net/scm.h	2006-07-24 11:19:54.000000000 -0400
> @@ -3,6 +3,7 @@
>  
>  #include <linux/limits.h>
>  #include <linux/net.h>
> +#include <linux/security.h>
>  
>  /* Well, we should have at least one descriptor open
>   * to accept passed FDs 8)
> @@ -20,8 +21,7 @@ struct scm_cookie
>  	struct ucred		creds;		/* Skb credentials	*/
>  	struct scm_fp_list	*fp;		/* Passed files		*/
>  #ifdef CONFIG_SECURITY_NETWORK
> -	char			*secdata;	/* Security context	*/
> -	u32			seclen;		/* Security length	*/
> +	u32			sid;		/* Passed security ID 	*/

I think that "secid" is what has been chosen for security identifiers
outside of the core SELinux code to to avoid confusion with session
identifiers.  Lingering references to sid or ctxid are going to be
converted to secid.

> diff -puN net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix net/unix/af_unix.c
> --- linux-2.6.18-rc2/net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix	2006-07-22 23:01:26.000000000 -0400
> +++ linux-2.6.18-rc2-cxzhang/net/unix/af_unix.c	2006-07-22 23:14:15.000000000 -0400
> @@ -1323,8 +1299,9 @@ static int unix_dgram_sendmsg(struct kio
>  	memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
>  	if (siocb->scm->fp)
>  		unix_attach_fds(siocb->scm, skb);
> -
> -	unix_get_peersec_dgram(skb);
> +#ifdef CONFIG_SECURITY_NETWORK
> +	memcpy(UNIXSID(skb), &siocb->scm->sid, sizeof(u32));
> +#endif /* CONFIG_SECURITY_NETWORK */

You want to retain the static inlines, and just update their contents,
not replace them with embedded #ifdefs.  And this could be a direct
assignment, right?

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ