lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 10 May 2023 11:39:54 -0300
From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
Cc: nhorman@...driver.com, davem@...emloft.net,
	Daniel Borkmann <daniel@...earbox.net>,
	Christian Brauner <brauner@...nel.org>,
	Stanislav Fomichev <sdf@...gle.com>,
	Xin Long <lucien.xin@...il.com>, linux-sctp@...r.kernel.org,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] sctp: add bpf_bypass_getsockopt proto callback

On Wed, May 10, 2023 at 03:15:27PM +0200, Alexander Mikhalitsyn wrote:
> Add bpf_bypass_getsockopt proto callback and filter out
> SCTP_SOCKOPT_PEELOFF and SCTP_SOCKOPT_PEELOFF_FLAGS socket options
> from running eBPF hook on them.
> 
> These options do fd_install(), and if BPF_CGROUP_RUN_PROG_GETSOCKOPT
> hook returns an error after success of the original handler
> sctp_getsockopt(...), userspace will receive an error from getsockopt
> syscall and will be not aware that fd was successfully installed into fdtable.
> 
> This patch was born as a result of discussion around a new SCM_PIDFD interface:
> https://lore.kernel.org/all/20230413133355.350571-3-aleksandr.mikhalitsyn@canonical.com/

I read some of the emails in there but I don't get why the fd leak is
special here. I mean, I get that it leaks, but masking the error
return like this can lead to several other problems in the application
as well.

For example, SCTP_SOCKOPT_CONNECTX3 will trigger a connect(). If it
failed, and the hook returns success, the user app will at least log a
wrong "connection successful".

If the hook can't be responsible for cleaning up before returning a
different value, then maybe we want to extend the list of sockopts in
here. AFAICT these would be the 3 most critical sockopts.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ