lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240820191436.GD2898@kernel.org>
Date: Tue, 20 Aug 2024 20:14:36 +0100
From: Simon Horman <horms@...nel.org>
To: Tahera Fahimi <fahimitahera@...il.com>
Cc: outreachy@...ts.linux.dev, mic@...ikod.net, gnoack@...gle.com,
	paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
	bjorn3_gh@...tonmail.com, jannh@...gle.com, netdev@...r.kernel.org
Subject: Re: [PATCH v10 1/6] Landlock: Add abstract UNIX socket connect
 restriction

On Mon, Aug 19, 2024 at 10:08:51PM -0600, Tahera Fahimi wrote:
> This patch introduces a new "scoped" attribute to the landlock_ruleset_attr
> that can specify "LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET" to scope
> abstract UNIX sockets from connecting to a process outside of
> the same Landlock domain. It implements two hooks, unix_stream_connect
> and unix_may_send to enforce this restriction.
> 
> Closes: https://github.com/landlock-lsm/linux/issues/7
> Signed-off-by: Tahera Fahimi <fahimitahera@...il.com>

...

> diff --git a/security/landlock/task.c b/security/landlock/task.c

...

> @@ -108,9 +110,134 @@ static int hook_ptrace_traceme(struct task_struct *const parent)
>  	return task_ptrace(parent, current);
>  }
>  
> +/**
> + * domain_is_scoped - Checks if the client domain is scoped in the same
> + *			domain as the server.
> + *
> + * @client: IPC sender domain.
> + * @server: IPC receiver domain.

nit: @scope should be documented here.

> + *
> + * Return true if the @client domain is scoped to access the @server,

nit: Kernel doc returns sections start with "Return:" or "Returns:".
     It might be worth using that syntax here.

> + * unless the @server is also scoped in the same domain as @client.
> + */
> +static bool domain_is_scoped(const struct landlock_ruleset *const client,
> +			     const struct landlock_ruleset *const server,
> +			     access_mask_t scope)

...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ