| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201107222127.GBG51007.FStQFVOHOFOLJM@I-love.SAKURA.ne.jp>
Date: Fri, 22 Jul 2011 21:27:02 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: casey@...aufler-ca.com
Cc: netdev@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: Question regarding sendmmsg().
Tetsuo Handa wrote:
> According to http://ozlabs.org/~anton/junkcode/sendmmsg_test.c , the sendmmsg()
> introduced by commit 228e548e "net: Add sendmmsg socket system call" is capable
> of sending to multiple different destinations with single sendmmsg(), isn't it?
>
> If yes, my plan (restricting sendmsg() based on destination's address) became
> impossible since security_socket_sendmsg() (which receives the destination's
> address) is called for only once even if there are multiple different
> destinations.
It seems to me that sendmmsg() caused a regression for SMACK.
SMACK implements security_socket_sendmsg() which uses destination address.
static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
int size)
{
struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
/*
* Perfectly reasonable for this to be NULL
*/
if (sip == NULL || sip->sin_family != AF_INET)
return 0;
return smack_netlabel_send(sock->sk, sip);
}
I think SMACK wants to know all destination addresses as with TOMOYO.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists