Message-ID: <CAHC9VhR42y0BaUPB_BgW+8oadDc36xPJRzEqh9Mwqa1RaMMZXQ@mail.gmail.com>
Date: Fri, 29 Mar 2024 17:34:07 -0400
From: Paul Moore <paul@...l-moore.com>
To: Mickaël Salaün <mic@...ikod.net>
Cc: linux-security-module@...r.kernel.org, netdev@...r.kernel.org,
Eric Dumazet <edumazet@...gle.com>, Günther Noack <gnoack@...gle.com>,
Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>,
Konstantin Meskhidze <konstantin.meskhidze@...wei.com>,
Muhammad Usama Anjum <usama.anjum@...labora.com>, "Serge E . Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH v1 1/2] lsm: Check and handle error priority for socket_bind and socket_connect

On Wed, Mar 27, 2024 at 8:00 AM Mickaël Salaün <mic@...ikod.net> wrote:
>
> Because the security_socket_bind and the security_socket_bind hooks are
> called before the network stack, it is easy to introduce error code
> inconsistencies. Instead of adding new checks to current and future
> LSMs, let's fix the related hook instead. The new checks are already
> (partially) implemented by SELinux and Landlock, and it should not
> change user space behavior but improve error code consistency instead.
>
> The first check is about the minimal sockaddr length according to the
> address family. This improves the security of the AF_INET and AF_INET6
> sockaddr parsing for current and future LSMs.
>
> The second check is about AF_UNSPEC. This fixes error priority for bind
> on PF_INET6 socket when SELinux (and potentially others) is enabled.
> Indeed, the IPv6 network stack first checks the sockaddr length (-EINVAL
> error) before checking the family (-EAFNOSUPPORT error). See commit
> bbf5a1d0e5d0 ("selinux: Fix error priority for bind with AF_UNSPEC on
> PF_INET6 socket").
>
> The third check is about consistency between socket family and address
> family. Only AF_INET and AF_INET6 are tested (by Landlock tests), so no
> other protocols are checked for now.
>
> These new checks should enable to simplify current LSM implementations,
> but we may want to first land this patch on all stable branches.

[Dropping Alexey Kodanev due to email problems]

This isn't something I would want to see backported to the various
stable trees, this is a consolidation and cleanup for future work, not
really a bugfix. If an individual LSM is currently missing an address
sanity check that should be resolved with a targeted patch that can be
safely backported without affecting other LSMs.

Now, all that doesn't mean I don't think this is a good idea.
Assuming we can't get the network stack to validate addresses before
calling into these LSM hooks, I think this is an improvement over the
current approach. I would like to see the patchset include individual
patches which do the desired adjustments to the Smack, TOMOYO,
AppArmor, Landlock, and SELinux code now that the sanity checks have
migrated to the LSM layer. I expect that to be fairly
straightforward, but given all the corner cases I want to make sure
all the individual LSMs are okay with the changes.

> A following patch adds new tests improving AF_UNSPEC test coverage for
> Landlock.
>
> Cc: Alexey Kodanev <alexey.kodanev@...cle.com>
> Cc: Eric Dumazet <edumazet@...gle.com>
> Cc: Günther Noack <gnoack@...gle.com>
> Cc: Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>
> Cc: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
> Cc: Muhammad Usama Anjum <usama.anjum@...labora.com>
> Cc: Paul Moore <paul@...l-moore.com>
> Cc: Serge E. Hallyn <serge@...lyn.com>
> Fixes: 20510f2f4e2d ("security: Convert LSM into a static interface")
> Signed-off-by: Mickaël Salaün <mic@...ikod.net>
> ---
> security/security.c | 96 +++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 96 insertions(+)
--
paul-moore.com
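
An added example, not code from the patch or from anyone in this thread: a user-space C model of the bind() error priority the quoted commit message describes, with the length check (-EINVAL) ahead of the family check (-EAFNOSUPPORT) and only AF_INET and AF_INET6 sockets covered. The names model_bind_check, try_bind and MODEL_SIN6_LEN_RFC2133 are hypothetical; the model assumes the minimum length is taken from the socket's family and includes the IPv4 stack's acceptance of AF_UNSPEC with INADDR_ANY, which the message does not spell out. connect() is not modelled.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Shortest sockaddr_in6 the IPv6 stack accepts (the kernel calls this
 * SIN6_LEN_RFC2133); redefined here because user space does not export it. */
#define MODEL_SIN6_LEN_RFC2133 24

/* Model of the ordering for bind(): returns 0 or a negative errno value.
 * Assumption: the minimum length depends on the socket's family. */
static int model_bind_check(int sock_family, const void *addr, size_t addrlen)
{
    struct sockaddr_in sin;
    sa_family_t family;
    size_t min_len;

    switch (sock_family) {
    case AF_INET:
        min_len = sizeof(struct sockaddr_in);
        break;
    case AF_INET6:
        min_len = MODEL_SIN6_LEN_RFC2133;
        break;
    default:
        return 0; /* other protocols are not checked */
    }

    /* 1. Length first: a short buffer is -EINVAL whatever family it claims,
     *    and nothing below reads past addrlen. */
    if (addr == NULL || addrlen < min_len)
        return -EINVAL;

    memcpy(&family, (const char *)addr + offsetof(struct sockaddr, sa_family),
           sizeof(family));

    /* 2. Socket family and address family agree. */
    if (family == sock_family)
        return 0;

    /* 3. AF_UNSPEC: an IPv4 socket accepts it only with INADDR_ANY;
     *    an IPv6 socket never does. */
    if (sock_family == AF_INET && family == AF_UNSPEC) {
        memcpy(&sin, addr, sizeof(sin));
        if (sin.sin_addr.s_addr == htonl(INADDR_ANY))
            return 0;
    }

    return -EAFNOSUPPORT;
}

/* Build a constructed sample address and run it through the model.
 * ipv4 may be NULL, which leaves the address bytes zeroed. */
static int try_bind(int sock_family, int addr_family, size_t addrlen,
                    const char *ipv4)
{
    struct sockaddr_storage ss;

    memset(&ss, 0, sizeof(ss));
    ss.ss_family = (sa_family_t)addr_family;
    if (ipv4 != NULL)
        inet_pton(AF_INET, ipv4, &((struct sockaddr_in *)&ss)->sin_addr);
    return model_bind_check(sock_family, &ss, addrlen);
}

int main(void)
{
    /* Constructed cases; 192.0.2.1 is a documentation address. */
    printf("inet6 sock, AF_UNSPEC, short addr : %d\n",
           try_bind(AF_INET6, AF_UNSPEC, sizeof(sa_family_t), NULL));
    printf("inet6 sock, AF_UNSPEC, full addr  : %d\n",
           try_bind(AF_INET6, AF_UNSPEC, sizeof(struct sockaddr_in6), NULL));
    printf("inet sock,  AF_UNSPEC, INADDR_ANY : %d\n",
           try_bind(AF_INET, AF_UNSPEC, sizeof(struct sockaddr_in), NULL));
    printf("inet sock,  AF_UNSPEC, 192.0.2.1  : %d\n",
           try_bind(AF_INET, AF_UNSPEC, sizeof(struct sockaddr_in),
                    "192.0.2.1"));
    printf("inet sock,  AF_INET6 address      : %d\n",
           try_bind(AF_INET, AF_INET6, sizeof(struct sockaddr_in6), NULL));
    return 0;
}
```

An LSM hook that inspects the address before the stack does has to return the same code in the same order, otherwise user space sees a different errno depending on which LSM is enabled.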