Message-ID: <736cf361-1eaf-2d5e-ffc5-c5cda6e2ec7d@schaufler-ca.com>
Date:   Mon, 27 Jan 2020 09:34:33 -0800
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Stephen Smalley <sds@...ho.nsa.gov>, casey.schaufler@...el.com,
        jmorris@...ei.org, linux-security-module@...r.kernel.org,
        selinux@...r.kernel.org
Cc:     keescook@...omium.org, john.johansen@...onical.com,
        penguin-kernel@...ove.sakura.ne.jp, paul@...l-moore.com,
        lorenzo@...gle.com, "David S. Miller" <davem@...emloft.net>,
        amade@...blr.net,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        maxk@....qualcomm.com, Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: KASAN slab-out-of-bounds in tun_chr_open/sock_init_data (Was: Re:
 [PATCH v14 00/23] LSM: Module stacking for AppArmor)

On 1/27/2020 8:56 AM, Stephen Smalley wrote:
> On 1/27/20 11:14 AM, Stephen Smalley wrote:
>> On 1/24/20 4:49 PM, Casey Schaufler wrote:
>>> On 1/24/2020 1:04 PM, Stephen Smalley wrote:
>>>> On 1/23/20 7:22 PM, Casey Schaufler wrote:
>>>>> This patchset provides the changes required for
>>>>> the AppArmor security module to stack safely with any other.
>>>>>
>>>>> v14: Rebase to 5.5-rc5
>>>>>        Incorporate feedback from v13
>>>>>        - Use an array of audit rules (patch 0002)
>>>>>        - Significant change, removed Acks (patch 0002)
>>>>>        - Remove unneeded include (patch 0013)
>>>>>        - Use context.len correctly (patch 0015)
>>>>>        - Reorder code to be more sensible (patch 0016)
>>>>>        - Drop SO_PEERCONTEXT as it's not needed yet (patch 0023)
>>>>
>>>> I don't know for sure if this is your bug, but it happens every time I boot with your patches applied and not at all on stock v5.5-rc5 so here it is.  Will try to bisect as time permits but not until next week. Trigger seems to be loading the tun driver.
>>>
>>> Thanks. I will have a look as well.
>>
>> Bisection led to the first patch in the series, "LSM: Infrastructure management of the sock security". Still not sure if the bug is in the patch itself or just being surfaced by it.
>
> Looks like the bug is pre-existing to me and just exposed by your patch.

OK, thanks. I don't see how moving the allocation ought to have
perturbed that, but it's good to know what happened. 

