Message-ID: <20211026111801.vrz4ofs42udz2n52@steredhat>
Date:   Tue, 26 Oct 2021 13:18:01 +0200
From:   Stefano Garzarella <sgarzare@...hat.com>
To:     Marc-André Lureau <marcandre.lureau@...hat.com>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        davem@...emloft.net, kuba@...nel.org
Subject: Re: [PATCH 06/10] vsock: set socket peercred

On Thu, Oct 21, 2021 at 04:37:10PM +0400, Marc-André Lureau wrote:
>When an AF_VSOCK socket is created, the peercreds are set to the current
>process values.
>
>This is how AF_UNIX listen works too, but unconnected AF_UNIX sockets
>return pid:0 & uid/gid:-1.
>
>Signed-off-by: Marc-André Lureau <marcandre.lureau@...hat.com>
>---
> net/vmw_vsock/af_vsock.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
>index 1925682a942a..9b211ff49b08 100644
>--- a/net/vmw_vsock/af_vsock.c
>+++ b/net/vmw_vsock/af_vsock.c
>@@ -760,6 +760,7 @@ static struct sock *__vsock_create(struct net *net,
>
> 	psk = parent ? vsock_sk(parent) : NULL;
> 	if (parent) {
>+		sock_copy_peercred(sk, parent);
> 		vsk->trusted = psk->trusted;
> #if IS_ENABLED(CONFIG_VMWARE_VMCI_VSOCKETS)
> 		vsk->owner = get_cred(psk->owner);
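
Review bot: sock_copy_peercred(sk, parent) in the if (parent) branch has no comment saying whose credentials a child socket ends up with. Going by the commit message, the parent holds the credentials of the process that created it, so the child would report that local process rather than anything describing the remote end of the connection. Please state that in the commit message or in a comment above the call, and confirm that the copy takes its own references on the parent's pid and cred, as the get_cred(psk->owner) call two lines below does for the owner.
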
>@@ -770,6 +771,7 @@ static struct sock *__vsock_create(struct net *net,
> 		vsk->buffer_max_size = psk->buffer_max_size;
> 		security_sk_clone(parent, sk);
> 	} else {
>+		sock_init_peercred(sk);
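
Review bot: sock_init_peercred(sk) in the else branch runs when the socket is created, before there is any peer, and the commit message itself notes that an unconnected AF_UNIX socket returns pid:0 and uid/gid:-1 at that point. A caller that reads the peer credentials before connecting would get plausible-looking values of its own process instead of the "no peer" result. Consider moving the call to where the connection is established, or justify the difference from AF_UNIX in the commit message.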

IIUC in AF_UNIX the sock_init_peercred() is called only when the 
connection is established, so I think we should do the same.

In the single transports or in some way in the core when the transports 
call vsock_insert_connected().

Thanks,
Stefano
