lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <d476b21729cafb28c1b881113a563b1f.paul@paul-moore.com>
Date:   Tue, 12 Sep 2023 17:07:58 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Stephen Smalley <stephen.smalley.work@...il.com>,
        Christian Göttsche <cgzones@...glemail.com>
Cc:     selinux@...r.kernel.org, Eric Paris <eparis@...isplace.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] selinux: reject invalid ebitmaps

On Aug 18, 2023 Stephen Smalley <stephen.smalley.work@...il.com> wrote:
> 
> Reject ebitmaps with a node containing an empty map or with an incorrect
> highbit.  Both checks are already performed by userspace, the former
> since 2008 (patch 13cd4c896068 ("initial import from svn trunk revision
> 2950")), the latter since v2.7 in 2017 (patch 75b14a5de10a ("libsepol:
> ebitmap: reject loading bitmaps with incorrect high bit")).
> 
> Signed-off-by: Christian Göttsche <cgzones@...glemail.com>
> Reviewed-by: Stephen Smalley <stephen.smalley.work@...il.com>
> ---
>  security/selinux/ss/ebitmap.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
> index 77875ad355f7..ac9da819531d 100644
> --- a/security/selinux/ss/ebitmap.c
> +++ b/security/selinux/ss/ebitmap.c

...

> @@ -457,6 +461,13 @@ int ebitmap_read(struct ebitmap *e, void *fp)
>  			map = EBITMAP_SHIFT_UNIT_SIZE(map);
>  		}
>  	}
> +
> +	if (n && n->startbit + EBITMAP_SIZE != e->highbit) {
> +		pr_err("SELinux: ebitmap: high bit %d has not the expected value %ld\n",

That reads a little awkward in English, how about "high bit %d is not
equal to the expected value %ld\n"?

> +		       e->highbit, n->startbit + EBITMAP_SIZE);
> +		goto bad;
> +	}
> +
>  ok:
>  	rc = 0;
>  out:
> -- 
> 2.40.1

--
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ