lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Sep 2011 19:18:09 -0700 From: Casey Schaufler <casey@...aufler-ca.com> To: Casey Schaufler <casey@...aufler-ca.com> CC: LKLM <linux-kernel@...r.kernel.org>, LSM <linux-security-module@...r.kernel.org> Subject: Re: [PATCH] Smack: Provide information for UDS getsockopt(SO_PEERCRED) On 9/26/2011 2:43 PM, Casey Schaufler wrote: > > This patch is targeted for the smack-next tree. > > This patch takes advantage of the recent changes for performance > and points the packet labels on UDS connect at the output label of > the far side. This makes getsockopt(...SO_PEERCRED...) function > properly. Without this change the getsockopt does not provide any > information. > > Signed-off-by: Casey Schaufler <casey@...aufler-ca.com> Applied to git://gitorious.org/smack-next/kernel.git > --- > > security/smack/smack_lsm.c | 9 +++++++++ > 1 files changed, 9 insertions(+), 0 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 2e71c3f..7d29351 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -2767,6 +2767,7 @@ static int smack_unix_stream_connect(struct sock *sock, > { > struct socket_smack *ssp = sock->sk_security; > struct socket_smack *osp = other->sk_security; > + struct socket_smack *nsp = newsk->sk_security; > struct smk_audit_info ad; > int rc = 0; > > @@ -2776,6 +2777,14 @@ static int smack_unix_stream_connect(struct sock *sock, > if (!capable(CAP_MAC_OVERRIDE)) > rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); > > + /* > + * Cross reference the peer labels for SO_PEERSEC. > + */ > + if (rc == 0) { > + nsp->smk_packet = ssp->smk_out; > + ssp->smk_packet = osp->smk_out; > + } > + > return rc; > } > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists