| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240408094747.1761850-1-ivanov.mikhail1@huawei-partners.com> Date: Mon, 8 Apr 2024 17:47:45 +0800 From: Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com> To: <mic@...ikod.net> CC: <willemdebruijn.kernel@...il.com>, <gnoack3000@...il.com>, <linux-security-module@...r.kernel.org>, <netdev@...r.kernel.org>, <netfilter-devel@...r.kernel.org>, <yusongping@...wei.com>, <artem.kuzin@...wei.com>, <konstantin.meskhidze@...wei.com> Subject: [PATCH 0/2] Forbid illegitimate binding via listen(2) listen(2) can be called without explicit bind(2) call. For a TCP socket it would result in assigning random port(in some range) to this socket by the kernel. If Landlock sandbox supports LANDLOCK_ACCESS_NET_BIND_TCP, this may lead to implicit access to a prohibited (by Landlock sandbox) port. Malicious sandboxed process can accidentally impersonate a legitimate server process (if listen(2) assigns it a server port number). Patch adds hook on socket_listen() that prevents such scenario by checking LANDLOCK_ACCESS_NET_BIND_TCP access for port 0. Few tests were added to cover this case. Code coverage(gcov): * security/landlock: lines......: 94.5% (745 of 788 lines) functions..: 97.1% (100 of 103 functions) Ivanov Mikhail (2): landlock: Add hook on socket_listen() selftests/landlock: Create 'listen_zero', 'deny_listen_zero' tests security/landlock/net.c | 104 +++++++++++++++++--- tools/testing/selftests/landlock/net_test.c | 89 +++++++++++++++++ 2 files changed, 177 insertions(+), 16 deletions(-) -- 2.34.1
Powered by blists - more mailing lists