lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 6 Mar 2023 21:13:29 +0300
From:   "Konstantin Meskhidze (A)" <konstantin.meskhidze@...wei.com>
To:     Mickaël Salaün <mic@...ikod.net>
CC:     <willemdebruijn.kernel@...il.com>, <gnoack3000@...il.com>,
        <linux-security-module@...r.kernel.org>, <netdev@...r.kernel.org>,
        <netfilter-devel@...r.kernel.org>, <yusongping@...wei.com>,
        <artem.kuzin@...wei.com>
Subject: Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites
 dedicated to network



3/6/2023 7:00 PM, Mickaël Salaün пишет:
> 
> On 06/03/2023 13:03, Konstantin Meskhidze (A) wrote:
>> 
>> 
>> 2/21/2023 9:05 PM, Mickaël Salaün пишет:
>>>
>>> On 16/01/2023 09:58, Konstantin Meskhidze wrote:
>>>> These test suites try to check edge cases for TCP sockets
>>>> bind() and connect() actions.
>>>>
>>>> socket:
>>>> * bind: Tests with non-landlocked/landlocked ipv4 and ipv6 sockets.
>>>> * connect: Tests with non-landlocked/landlocked ipv4 and ipv6 sockets.
>>>> * bind_afunspec: Tests with non-landlocked/landlocked restrictions
>>>> for bind action with AF_UNSPEC socket family.
>>>> * connect_afunspec: Tests with non-landlocked/landlocked restrictions
>>>> for connect action with AF_UNSPEC socket family.
>>>> * ruleset_overlap: Tests with overlapping rules for one port.
>>>> * ruleset_expanding: Tests with expanding rulesets in which rules are
>>>> gradually added one by one, restricting sockets' connections.
>>>> * inval: Tests with invalid user space supplied data:
>>>>       - out of range ruleset attribute;
>>>>       - unhandled allowed access;
>>>>       - zero port value;
>>>>       - zero access value;
>>>>       - legitimate access values;
>>>> * bind_connect_inval_addrlen: Tests with invalid address length
>>>> for ipv4/ipv6 sockets.
>>>> * inval_port_format: Tests with wrong port format for ipv4/ipv6 sockets.
>>>>
>>>> layout1:
>>>> * with_net: Tests with network bind() socket action within
>>>> filesystem directory access test.
>>>>
>>>> Test coverage for security/landlock is 94.1% of 946 lines according
>>>> to gcc/gcov-11.
>>>>
>>>> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
>>>> ---
>>>>
>>>> Changes since v8:
>>>> * Adds is_sandboxed const for FIXTURE_VARIANT(socket).
>>>> * Refactors AF_UNSPEC tests.
>>>> * Adds address length checking tests.
>>>> * Convert ports in all tests to __be16.
>>>> * Adds invalid port values tests.
>>>> * Minor fixes.
>>>>
>>>> Changes since v7:
>>>> * Squashes all selftest commits.
>>>> * Adds fs test with network bind() socket action.
>>>> * Minor fixes.
>>>>
>>>> ---
>>>>    tools/testing/selftests/landlock/config     |    4 +
>>>>    tools/testing/selftests/landlock/fs_test.c  |   65 ++
>>>>    tools/testing/selftests/landlock/net_test.c | 1157 +++++++++++++++++++
>>>>    3 files changed, 1226 insertions(+)
>>>>    create mode 100644 tools/testing/selftests/landlock/net_test.c
>>>>
>>>> diff --git a/tools/testing/selftests/landlock/config b/tools/testing/selftests/landlock/config
>>>> index 0f0a65287bac..71f7e9a8a64c 100644
>>>> --- a/tools/testing/selftests/landlock/config
>>>> +++ b/tools/testing/selftests/landlock/config
> 
> [...]
> 
>>>> +static int bind_variant(const struct _fixture_variant_socket *const variant,
>>>> +			const int sockfd,
>>>> +			const struct _test_data_socket *const self,
>>>> +			const size_t index, const bool zero_size)
>>>> +
>>>
>>> Extra new line.
>> 
>>    Will be deleted. Thanks. >>
>>>> +{
>>>> +	if (variant->is_ipv4)
>>>> +		return bind(sockfd, &self->addr4[index],
>>>> +			    (zero_size ? 0 : sizeof(self->addr4[index])));
>>>
>>> Is the zero_size really useful? Do calling bind and connect with this
>>> argument reaches the Landlock code (check_addrlen) or is it caught by
>>> the network code beforehand?
>> 
>>     In __sys_bind() syscall security_socket_bind() function goes before
>>     sock->ops->bind() method. Selinux and Smacks provide such checks in
>>     bind()/connect() hooks, so I think Landlock should do the same.
>>     What do you think?
> 
> Yes, we should keep these checks. However, we should have a
> bind_variant() without the zero_size argument because it is only set to
> true once (in bind_connect_inval_addrlen). You can explicitly call
> bind() with a zero size in bind_connect_inval_addrlen().
> 
> Same for connect_variant().

  Ok. Will be fixed.
> 
> 
>>>
>>>
>>>> +	else
>>>> +		return bind(sockfd, &self->addr6[index],
>>>> +			    (zero_size ? 0 : sizeof(self->addr6[index])));
>>>> +}
>>>> +
>>>> +static int connect_variant(const struct _fixture_variant_socket *const variant,
>>>> +			   const int sockfd,
>>>> +			   const struct _test_data_socket *const self,
>>>> +			   const size_t index, const bool zero_size)
>>>> +{
>>>> +	if (variant->is_ipv4)
>>>> +		return connect(sockfd, &self->addr4[index],
>>>> +			       (zero_size ? 0 : sizeof(self->addr4[index])));
>>>> +	else
>>>> +		return connect(sockfd, &self->addr6[index],
>>>> +			       (zero_size ? 0 : sizeof(self->addr6[index])));
>>>> +}
> .

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ