lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1300895847.28871.13.camel@unknown001a4b0c2895>
Date:	Wed, 23 Mar 2011 11:57:27 -0400
From:	Eric Paris <eparis@...hat.com>
To:	David Miller <davem@...emloft.net>
Cc:	pekane52@...il.com, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org, cxzhang@...son.ibm.com, sds@...ho.nsa.gov,
	jmorris@...ei.org, eparis@...isplace.org, paul.moore@...com
Subject: Re: [PATCH v2] net/unix: Add secdata to unix_stream msgs

On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote:
> From: Pat Kane <pekane52@...il.com>
> Date: Tue, 22 Mar 2011 19:38:37 -0500
> 
> > The unix_dgram routines add secdata to socket messages,
> > but the unix_stream routines do not. I have added the
> > two missing lines of code.
> > 
> > Signed-off-by: Pat Kane <pekane52@...il.com>
> 
> The security hooks appear to be only intended to operate on datagram
> sockets, and as such I think the omission of UNIX stream sockets was
> very much on purpose.
> 
> The SELINUX hook implementations even have "_dgram()" in their names.
> 
> Catherine Zhang added to CC: as she last made modifications to these
> hooks.

And I'll add Paul Moore as I think he understands the intersection
of /net and /security better than anyone.

> 
> > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> > index 1663e1a..8753cdd 100644
> > --- a/net/unix/af_unix.c
> > +++ b/net/unix/af_unix.c
> > @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
> >  		max_level = err + 1;
> >  		fds_sent = true;
> >  
> > +		unix_get_secdata(siocb->scm, skb);
> > +
> >  		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
> >  		if (err) {
> >  			kfree_skb(skb);
> > @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
> >  		} else {
> >  			/* Copy credentials */
> >  			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
> > +			unix_set_secdata(siocb->scm, skb);
> >  			check_creds = 1;
> >  		}
> >  
> > -- 
> > 1.7.1
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@...r.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ