lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Jul 2022 14:15:57 +0300 From: Leonard Crestez <cdleonard@...il.com> To: Kuniyuki Iwashima <kuniyu@...zon.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> Cc: Sachin Sant <sachinp@...ux.ibm.com>, Nathan Chancellor <nathan@...nel.org>, Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org Subject: Re: [PATCH v3 net-next 1/2] af_unix: Put pathname sockets in the global hash table. On 7/2/22 18:48, Kuniyuki Iwashima wrote: > Commit cf2f225e2653 ("af_unix: Put a socket into a per-netns hash table.") > accidentally broke user API for pathname sockets. A socket was able to > connect() to a pathname socket whose file was visible even if they were in > different network namespaces. > > The commit puts all sockets into a per-netns hash table. As a result, > connect() to a pathname socket in a different netns fails to find it in the > caller's per-netns hash table and returns -ECONNREFUSED even when the task > can view the peer socket file. > > We can reproduce this issue by: > > Console A: > > # python3 > >>> from socket import * > >>> s = socket(AF_UNIX, SOCK_STREAM, 0) > >>> s.bind('test') > >>> s.listen(32) > > Console B: > > # ip netns add test > # ip netns exec test sh > # python3 > >>> from socket import * > >>> s = socket(AF_UNIX, SOCK_STREAM, 0) > >>> s.connect('test') > > Note when dumping sockets by sock_diag, procfs, and bpf_iter, they are > filtered only by netns. In other words, even if they are visible and > connect()able, all sockets in different netns are skipped while iterating > sockets. Thus, we need a fix only for finding a peer pathname socket. > > This patch adds a global hash table for pathname sockets, links them with > sk_bind_node, and uses it in unix_find_socket_byinode(). By doing so, we > can keep sockets in per-netns hash tables and dump them easily. > > Thanks to Sachin Sant and Leonard Crestez for reports, logs and a reproducer. > > Fixes: cf2f225e2653 ("af_unix: Put a socket into a per-netns hash table.") > Reported-by: Sachin Sant <sachinp@...ux.ibm.com> > Reported-by: Leonard Crestez <cdleonard@...il.com> > Tested-by: Sachin Sant <sachinp@...ux.ibm.com> > Tested-by: Nathan Chancellor <nathan@...nel.org> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com> Tested-by: Leonard Crestez <cdleonard@...il.com>
Powered by blists - more mailing lists