| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6dd3cdff-c4eb-6457-f04c-199263acd80b@schaufler-ca.com>
Date: Fri, 8 Oct 2021 14:25:39 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: Paul Moore <paul@...l-moore.com>, Todd Kjos <tkjos@...gle.com>
Cc: gregkh@...uxfoundation.org, arve@...roid.com, tkjos@...roid.com,
maco@...roid.com, christian@...uner.io,
James Morris <jmorris@...ei.org>,
Serge Hallyn <serge@...lyn.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>, keescook@...omium.org,
jannh@...gle.com, Jeffrey Vander Stoep <jeffv@...gle.com>,
zohar@...ux.ibm.com, linux-security-module@...r.kernel.org,
selinux@...r.kernel.org, devel@...verdev.osuosl.org,
linux-kernel@...r.kernel.org, joel@...lfernandes.org,
kernel-team@...roid.com, stable@...r.kernel.org,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH v4 3/3] binder: use euid from cred instead of using task
On 10/8/2021 2:12 PM, Paul Moore wrote:
> On Wed, Oct 6, 2021 at 8:46 PM Todd Kjos <tkjos@...gle.com> wrote:
>> Set a transaction's sender_euid from the 'struct cred'
>> saved at binder_open() instead of looking up the euid
>> from the binder proc's 'struct task'. This ensures
>> the euid is associated with the security context that
>> of the task that opened binder.
>>
>> Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
>> Signed-off-by: Todd Kjos <tkjos@...gle.com>
>> Suggested-by: Stephen Smalley <stephen.smalley.work@...il.com>
>> Cc: stable@...r.kernel.org # 4.4+
>> ---
>> v3: added this patch to series
>>
>> drivers/android/binder.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
> This is an interesting ordering of the patches. Unless I'm missing
> something I would have expected patch 3/3 to come first, followed by
> 2/3, with patch 1/3 at the end; basically the reverse of what was
> posted here.
>
> My reading of the previous thread was that Casey has made his peace
> with these changes
Yes. I will address the stacking concerns more directly.
I am still somewhat baffled by the intent of the hook, the data
passed to it, and the SELinux policy enforcement decisions, but
that's beyond my scope.
> so unless anyone has any objections I'll plan on
> merging 2/3 and 3/3 into selinux/stable-5.15 and merging 1/3 into
> selinux/next.
>
>> diff --git a/drivers/android/binder.c b/drivers/android/binder.c
>> index 989afd0804ca..26382e982c5e 100644
>> --- a/drivers/android/binder.c
>> +++ b/drivers/android/binder.c
>> @@ -2711,7 +2711,7 @@ static void binder_transaction(struct binder_proc *proc,
>> t->from = thread;
>> else
>> t->from = NULL;
>> - t->sender_euid = task_euid(proc->tsk);
>> + t->sender_euid = proc->cred->euid;
>> t->to_proc = target_proc;
>> t->to_thread = target_thread;
>> t->code = tr->code;
>> --
>> 2.33.0.800.g4c38ced690-goog
> --
> paul moore
> www.paul-moore.com
Powered by blists - more mailing lists