lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a7972939-d017-abac-6bc5-1df52ceb9dfe@gmail.com>
Date:   Sun, 3 Jul 2022 14:15:57 +0300
From:   Leonard Crestez <cdleonard@...il.com>
To:     Kuniyuki Iwashima <kuniyu@...zon.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
Cc:     Sachin Sant <sachinp@...ux.ibm.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH v3 net-next 1/2] af_unix: Put pathname sockets in the
 global hash table.


On 7/2/22 18:48, Kuniyuki Iwashima wrote:
> Commit cf2f225e2653 ("af_unix: Put a socket into a per-netns hash table.")
> accidentally broke user API for pathname sockets.  A socket was able to
> connect() to a pathname socket whose file was visible even if they were in
> different network namespaces.
> 
> The commit puts all sockets into a per-netns hash table.  As a result,
> connect() to a pathname socket in a different netns fails to find it in the
> caller's per-netns hash table and returns -ECONNREFUSED even when the task
> can view the peer socket file.
> 
> We can reproduce this issue by:
> 
>    Console A:
> 
>      # python3
>      >>> from socket import *
>      >>> s = socket(AF_UNIX, SOCK_STREAM, 0)
>      >>> s.bind('test')
>      >>> s.listen(32)
> 
>    Console B:
> 
>      # ip netns add test
>      # ip netns exec test sh
>      # python3
>      >>> from socket import *
>      >>> s = socket(AF_UNIX, SOCK_STREAM, 0)
>      >>> s.connect('test')
> 
> Note when dumping sockets by sock_diag, procfs, and bpf_iter, they are
> filtered only by netns.  In other words, even if they are visible and
> connect()able, all sockets in different netns are skipped while iterating
> sockets.  Thus, we need a fix only for finding a peer pathname socket.
> 
> This patch adds a global hash table for pathname sockets, links them with
> sk_bind_node, and uses it in unix_find_socket_byinode().  By doing so, we
> can keep sockets in per-netns hash tables and dump them easily.
> 
> Thanks to Sachin Sant and Leonard Crestez for reports, logs and a reproducer.
> 
> Fixes: cf2f225e2653 ("af_unix: Put a socket into a per-netns hash table.")
> Reported-by: Sachin Sant <sachinp@...ux.ibm.com>
> Reported-by: Leonard Crestez <cdleonard@...il.com>
> Tested-by: Sachin Sant <sachinp@...ux.ibm.com>
> Tested-by: Nathan Chancellor <nathan@...nel.org>
> Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>

Tested-by: Leonard Crestez <cdleonard@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ