| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240920.choPhoa8ahp8@digikod.net>
Date: Fri, 20 Sep 2024 15:39:17 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Matthieu Buffet <matthieu@...fet.re>
Cc: Günther Noack <gnoack@...gle.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E . Hallyn" <serge@...lyn.com>, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
Konstantin Meskhidze <konstantin.meskhidze@...wei.com>, Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>
Subject: Re: [RFC PATCH v1 3/7] landlock: Add UDP bind+connect access control
On Mon, Sep 16, 2024 at 02:22:26PM +0200, Matthieu Buffet wrote:
> Add support for two more access rights:
>
> - LANDLOCK_ACCESS_NET_CONNECT_UDP, to gate the possibility to connect()
> an inet SOCK_DGRAM socket. This will be used by some client applications
> (those who want to avoid specifying a destination for each datagram in
> sendmsg), and for a few servers (those creating a socket per-client, who
> want to only receive traffic from each client on these sockets)
>
> - LANDLOCK_ACCESS_NET_BIND_UDP, to gate the possibility to bind() an
> inet SOCK_DGRAM socket. This will be required for most server
> applications (to start listening for datagrams on a non-ephemeral
> port) and can be useful for some client applications (to set the
> source port of future datagrams)
>
> Also bump the ABI version from 5 to 6 so that userland can detect
> whether these rights are supported and actually use them.
>
Closes: https://github.com/landlock-lsm/linux/issues/10
> Signed-off-by: Matthieu Buffet <matthieu@...fet.re>
> ---
> include/uapi/linux/landlock.h | 48 +++++++++++++++++++++++--------
> security/landlock/limits.h | 2 +-
> security/landlock/net.c | 54 ++++++++++++++++++++++++++---------
> security/landlock/syscalls.c | 2 +-
> 4 files changed, 79 insertions(+), 27 deletions(-)
>
> diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h
> index 2c8dbc74b955..7f9aa1cd2912 100644
> --- a/include/uapi/linux/landlock.h
> +++ b/include/uapi/linux/landlock.h
> @@ -113,12 +113,15 @@ struct landlock_net_port_attr {
> *
> * It should be noted that port 0 passed to :manpage:`bind(2)` will bind
> * to an available port from the ephemeral port range. This can be
> - * configured with the ``/proc/sys/net/ipv4/ip_local_port_range`` sysctl
> - * (also used for IPv6).
> + * configured globally with the
> + * ``/proc/sys/net/ipv4/ip_local_port_range`` sysctl (also used for
> + * IPv6), and on a per-socket basis using
> + * ``setsockopt(IP_LOCAL_PORT_RANGE)``.
Interesting... setsockopt(IP_LOCAL_PORT_RANGE) can always be set
independant of the sysctl, but fortunately it is only taken into account
if it fits into the sysctl range (see inet_sk_get_local_port_range),
which makes sense.
> *
> * A Landlock rule with port 0 and the ``LANDLOCK_ACCESS_NET_BIND_TCP``
> - * right means that requesting to bind on port 0 is allowed and it will
> - * automatically translate to binding on the related port range.
> + * or ``LANDLOCK_ACCESS_NET_BIND_UDP`` right means that requesting to
> + * bind on port 0 is allowed and it will automatically translate to
> + * binding on the related port range.
> */
> __u64 port;
> };
Powered by blists - more mailing lists