lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cover.1720203255.git.fahimitahera@gmail.com>
Date: Fri, 5 Jul 2024 12:58:10 -0600
From: Tahera Fahimi <fahimitahera@...il.com>
To: Mickaël Salaün <mic@...ikod.net>,
	Günther Noack <gnoack@...gle.com>,
	Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>,
	Jann Horn <jannh@...gle.com>, outreachy@...ts.linux.dev,
	netdev@...r.kernel.org
Subject: [PATCH 0/2] Landlock: Add abstract unix socket connect reastriction

This patch series introduces the optional scoping of abstract unix
sockets. This feature aims to scope the connection of an abstract socket
from a sandbox process to other sockets outside of the sandbox domain.
(see [1, 2])

The following changes are included in this series:
  [PATCH 1/2]: Introduce the "scoped" field to the ruleset structure in
               the user space interface, and add the restriction
               mechanism to Landlock.
  [PATCH 2/2]: Add three comprehensive tests for the new feature.

Tahera Fahimi (2):
  Landlock: Add abstract unix socket connect restriction
  Landlock: Abstract unix socket restriction tests

 include/uapi/linux/landlock.h                 |  29 +
 security/landlock/limits.h                    |   3 +
 security/landlock/ruleset.c                   |   7 +-
 security/landlock/ruleset.h                   |  23 +-
 security/landlock/syscalls.c                  |  12 +-
 security/landlock/task.c                      |  62 ++
 .../testing/selftests/landlock/ptrace_test.c  | 786 ++++++++++++++++++
 7 files changed, 916 insertions(+), 6 deletions(-)

[1]: https://lore.kernel.org/all/20231023.ahphah4Wii4v@digikod.net/
[2]: https://lore.kernel.org/all/20231102.MaeWaepav8nu@digikod.net/
-- 
2.34.1


View attachment "0001-landlock-Add-abstract-unix-socket-connect-restrictio.patch" of type "text/x-diff" (11705 bytes)

View attachment "0002-landlock-Abstract-unix-socket-restriction-tests.patch" of type "text/x-diff" (22381 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ