lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <201108022052.FBE56208.FLQHFtMOVOSOJF@I-love.SAKURA.ne.jp>
Date:	Tue, 2 Aug 2011 20:52:05 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	davem@...emloft.net
Cc:	eparis@...isplace.org, anton@...ba.org, casey@...aufler-ca.com,
	mjt@....msk.ru, netdev@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem.

David Miller wrote:
> Actually, I change my mind. :-)
> 
> I think sendmmsg() needs to unconditionally not report an error if any
> datagrams were sent successfully.

What about adding

 #ifdef CONFIG_SECURITY_NETWORK
 static inline bool security_socket_may_send_multiple_address(void)
 {
	return security_ops->socket_may_send_multiple_address;
 }
 #else
 static inline bool security_socket_may_send_multiple_address(void)
 {
	return true;
 }
 #endif

and letting SMACK and TOMOYO return false and others return true?

The check will look like

  if (sendmmsg) {
    Record destination address of first datagram if first datagram,
    compare with recorded address and subsequent datagram otherwise.
    If same address, continue. Otherwise, call
    security_socket_may_send_multiple_address() and break if it returns false.
  }

. The side effect is that sendmmsg() will be allowed to send to single
destination if underlying  LSM module does not permit sending to multiple
address, to multiple destination otherwise. As long as sendmmsg() is used for
sending to single destination, there will be no performance loss.

It will be kmalloc()-free, fast and simple. Also, makes LSM stacking easier.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ