lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Oct 2017 12:29:37 +0300 From: Konstantin Khlebnikov <khlebnikov@...dex-team.ru> To: James Morris <jmorris@...ei.org>, Casey Schaufler <casey@...aufler-ca.com> Cc: linux-kernel <linux-kernel@...r.kernel.org>, Serge Hallyn <serge@...lyn.com>, James Morris <james.l.morris@...cle.com>, LSM List <linux-security-module@...r.kernel.org>, Stephen Smalley <sds@...ho.nsa.gov> Subject: Re: [PATCH] fix security_release_secctx seems broken On 04.10.2017 09:17, James Morris wrote: > On Tue, 19 Sep 2017, Casey Schaufler wrote: > >> Subject: [PATCH] fix security_release_secctx seems broken >> >> security_inode_getsecurity() provides the text string value >> of a security attribute. It does not provide a "secctx". >> The code in xattr_getsecurity() that calls security_inode_getsecurity() >> and then calls security_release_secctx() happened to work because >> SElinux and Smack treat the attribute and the secctx the same way. >> It fails for cap_inode_getsecurity(), because that module has no >> secctx that ever needs releasing. It turns out that Smack is the >> one that's doing things wrong by not allocating memory when instructed >> to do so by the "alloc" parameter. >> >> The fix is simple enough. Change the security_release_secctx() to >> kfree() because it isn't a secctx being returned by >> security_inode_getsecurity(). Change Smack to allocate the string when >> told to do so. >> >> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com> > > Looks good to me. I wonder why security_release_secctx was used in the > first place? (it arrived via commit 42492594) > > Konstantin: how did you trigger this? Just "getcap /bin/ping" is enough to tigger leak if file has capabilities. Selinux shouldn't be loaded because its release_secctx hook call kfree. But sometimes it takes some time for kmemleak to find leak. Presumably because stale poiner stays on stack which could be reused nowdays. > > I plan to send this to Linus for -rc4 unless anyone has objections. > >
Powered by blists - more mailing lists