lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <tencent_E8AA2ECB6ED7CC88A7F746FED2C4065B0906@qq.com>
Date: Wed, 12 Mar 2025 09:05:23 +0800
From: Edward Adam Davis <eadavis@...com>
To: stephen.smalley.work@...il.com
Cc: eadavis@...com,
	linux-kernel@...r.kernel.org,
	omosnace@...hat.com,
	paul@...l-moore.com,
	selinux@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH V2] selinux: access sid under READ/WRITE_ONCE

On Tue, 11 Mar 2025 11:19:49 -0400, Stephen Smalley wrote:
> > Reported-by: syzbot+00c633585760c05507c3@...kaller.appspotmail.com
> > Closes: https://syzkaller.appspot.com/bug?extid=00c633585760c05507c3
> > Signed-off-by: Edward Adam Davis <eadavis@...com>
> > ---
> > V1 -> V2: replace with READ_ONCE/WRITE_ONCE
> 
> Thanks for the patch. Did you audit all other users of sksec->sid to
> see if they too should be wrapped with READ_ONCE()/WRITE_ONCE() or are
> already safe?
This fix is only for the issues reported by syzbot+00c633585760c05507c3.
I have confirmed that there are many contexts related to "sksec->sid" (at
least 29). I am not familiar with selinux, and it is unnecessary to do
excessive fixes before syzbot reports other issues.

Maybe the subject of my patch is not appropriate, and it may be more
appropriate to adjust it to "selinux: fix data race in socket create and
receive skb".

BR,
Edward

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ