lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2c9e57e5-c1fd-91e5-ced6-c573f806becb@schaufler-ca.com>
Date:   Thu, 15 Dec 2016 15:59:12 -0800
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Seung-Woo Kim <sw0312.kim@...sung.com>,
        linux-security-module@...r.kernel.org
Cc:     james.l.morris@...cle.com, serge@...lyn.com,
        linux-kernel@...r.kernel.org, kk.moon@...sung.com,
        jy0922.shim@...sung.com
Subject: Re: [PATCH] Smack: ignore private inode for file functions

On 12/12/2016 12:35 AM, Seung-Woo Kim wrote:
> The access to fd from anon_inode is always failed because there is
> no set xattr operations. So this patch fixes to ignore private
> inode including anon_inode for file functions.
>
> It was only ignored for smack_file_receive() to share dma-buf fd,
> but dma-buf has other functions like ioctl and mmap.
>
> Reference: https://lkml.org/lkml/2015/4/17/16
>
> Signed-off-by: Seung-Woo Kim <sw0312.kim@...sung.com>

Acked-by: Casey Schaufler <casey@...aufler-ca.com>

I have queued this for my 4.11 tree.

> ---
>  security/smack/smack_lsm.c |   12 ++++++++++++
>  1 file changed, 12 insertions(+)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 1cb0602..e7f0bbe 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1632,6 +1632,9 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
>  	struct smk_audit_info ad;
>  	struct inode *inode = file_inode(file);
>  
> +	if (unlikely(IS_PRIVATE(inode)))
> +		return 0;
> +
>  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
>  	smk_ad_setfield_u_fs_path(&ad, file->f_path);
>  
> @@ -1661,6 +1664,9 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
>  	int rc;
>  	struct inode *inode = file_inode(file);
>  
> +	if (unlikely(IS_PRIVATE(inode)))
> +		return 0;
> +
>  	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
>  	smk_ad_setfield_u_fs_path(&ad, file->f_path);
>  	rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
> @@ -1687,6 +1693,9 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
>  	int rc = 0;
>  	struct inode *inode = file_inode(file);
>  
> +	if (unlikely(IS_PRIVATE(inode)))
> +		return 0;
> +
>  	switch (cmd) {
>  	case F_GETLK:
>  		break;
> @@ -1740,6 +1749,9 @@ static int smack_mmap_file(struct file *file,
>  	if (file == NULL)
>  		return 0;
>  
> +	if (unlikely(IS_PRIVATE(file_inode(file))))
> +		return 0;
> +
>  	isp = file_inode(file)->i_security;
>  	if (isp->smk_mmap == NULL)
>  		return 0;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ