lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4759B3B9.6080903@schaufler-ca.com> Date: Fri, 07 Dec 2007 12:57:29 -0800 From: Casey Schaufler <casey@...aufler-ca.com> To: akpm@...l.org, torvalds@...l.org Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: [PATCH] (2.6.24-rc4-mm1) -mm Smack getpeercred_stream fix for SO_PEERSEC and TCP From: Casey Schaufler <casey@...aufler-ca.com> Collect the Smack label of the other end on connection so that getsockopt(..., SO_PEERSEC, ...) can report it. This is done in smack_inet_conn_request(). Report the correct value in smack_socket_getpeersec_stream(). Initialize the smk_packet field in the socket blob. Comment on the purpose of smk_packet in the header file and remove the unused smk_depth field from the blob. Signed-off-by: Casey Schaufler <casey@...aufler-ca.com> --- security/smack/smack.h | 7 +++---- security/smack/smack_lsm.c | 14 +++++++++++--- 2 files changed, 14 insertions(+), 7 deletions(-) diff -uprN -X linux-2.6.24-rc4-mm1-base/Documentation/dontdiff linux-2.6.24-rc4-mm1-base/security/smack/smack.h linux-2.6.24-rc4-mm1-smack/security/smack/smack.h --- linux-2.6.24-rc4-mm1-base/security/smack/smack.h 2007-12-04 19:20:59.000000000 -0800 +++ linux-2.6.24-rc4-mm1-smack/security/smack/smack.h 2007-12-07 09:25:16.000000000 -0800 @@ -44,10 +44,9 @@ struct superblock_smack { }; struct socket_smack { - char *smk_out; /* outbound label */ - char *smk_in; /* inbound label */ - char smk_packet[SMK_LABELLEN]; - int smk_depth; + char *smk_out; /* outbound label */ + char *smk_in; /* inbound label */ + char smk_packet[SMK_LABELLEN]; /* TCP peer label */ }; /* diff -uprN -X linux-2.6.24-rc4-mm1-base/Documentation/dontdiff linux-2.6.24-rc4-mm1-base/security/smack/smack_lsm.c linux-2.6.24-rc4-mm1-smack/security/smack/smack_lsm.c --- linux-2.6.24-rc4-mm1-base/security/smack/smack_lsm.c 2007-12-04 19:20:59.000000000 -0800 +++ linux-2.6.24-rc4-mm1-smack/security/smack/smack_lsm.c 2007-12-07 11:10:58.000000000 -0800 @@ -1232,6 +1232,7 @@ static int smack_sk_alloc_security(struc ssp->smk_in = csp; ssp->smk_out = csp; + ssp->smk_packet[0] = '\0'; sk->sk_security = ssp; @@ -2115,11 +2116,11 @@ static int smack_socket_getpeersec_strea int rc = 0; ssp = sock->sk->sk_security; - slen = strlen(ssp->smk_out); + slen = strlen(ssp->smk_packet) + 1; if (slen > len) rc = -ERANGE; - else if (copy_to_user(optval, ssp->smk_out, slen) != 0) + else if (copy_to_user(optval, ssp->smk_packet, slen) != 0) rc = -EFAULT; if (put_user(slen, optlen) != 0) @@ -2251,8 +2252,15 @@ static int smack_inet_conn_request(struc /* * Receiving a packet requires that the other end * be able to write here. Read access is not required. + * + * If the request is successful save the peer's label + * so that SO_PEERCRED can report it. */ - return smk_access(smack, ssp->smk_in, MAY_WRITE); + rc = smk_access(smack, ssp->smk_in, MAY_WRITE); + if (rc == 0) + strncpy(ssp->smk_packet, smack, SMK_MAXLEN); + + return rc; } /* -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists