lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240920.choPhoa8ahp8@digikod.net>
Date: Fri, 20 Sep 2024 15:39:17 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Matthieu Buffet <matthieu@...fet.re>
Cc: Günther Noack <gnoack@...gle.com>, 
	Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, 
	"Serge E . Hallyn" <serge@...lyn.com>, linux-security-module@...r.kernel.org, 
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org, 
	Konstantin Meskhidze <konstantin.meskhidze@...wei.com>, Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>
Subject: Re: [RFC PATCH v1 3/7] landlock: Add UDP bind+connect access control

On Mon, Sep 16, 2024 at 02:22:26PM +0200, Matthieu Buffet wrote:
> Add support for two more access rights:
> 
> - LANDLOCK_ACCESS_NET_CONNECT_UDP, to gate the possibility to connect()
>   an inet SOCK_DGRAM socket. This will be used by some client applications
>   (those who want to avoid specifying a destination for each datagram in
>   sendmsg), and for a few servers (those creating a socket per-client, who
>   want to only receive traffic from each client on these sockets)
> 
> - LANDLOCK_ACCESS_NET_BIND_UDP, to gate the possibility to bind() an
>   inet SOCK_DGRAM socket. This will be required for most server
>   applications (to start listening for datagrams on a non-ephemeral
>   port) and can be useful for some client applications (to set the
>   source port of future datagrams)
> 
> Also bump the ABI version from 5 to 6 so that userland can detect
> whether these rights are supported and actually use them.
> 

Closes: https://github.com/landlock-lsm/linux/issues/10

> Signed-off-by: Matthieu Buffet <matthieu@...fet.re>
> ---
>  include/uapi/linux/landlock.h | 48 +++++++++++++++++++++++--------
>  security/landlock/limits.h    |  2 +-
>  security/landlock/net.c       | 54 ++++++++++++++++++++++++++---------
>  security/landlock/syscalls.c  |  2 +-
>  4 files changed, 79 insertions(+), 27 deletions(-)
> 
> diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h
> index 2c8dbc74b955..7f9aa1cd2912 100644
> --- a/include/uapi/linux/landlock.h
> +++ b/include/uapi/linux/landlock.h
> @@ -113,12 +113,15 @@ struct landlock_net_port_attr {
>  	 *
>  	 * It should be noted that port 0 passed to :manpage:`bind(2)` will bind
>  	 * to an available port from the ephemeral port range.  This can be
> -	 * configured with the ``/proc/sys/net/ipv4/ip_local_port_range`` sysctl
> -	 * (also used for IPv6).
> +	 * configured globally with the
> +	 * ``/proc/sys/net/ipv4/ip_local_port_range`` sysctl (also used for
> +	 * IPv6), and on a per-socket basis using
> +	 * ``setsockopt(IP_LOCAL_PORT_RANGE)``.

Interesting... setsockopt(IP_LOCAL_PORT_RANGE) can always be set
independant of the sysctl, but fortunately it is only taken into account
if it fits into the sysctl range (see inet_sk_get_local_port_range),
which makes sense.

>  	 *
>  	 * A Landlock rule with port 0 and the ``LANDLOCK_ACCESS_NET_BIND_TCP``
> -	 * right means that requesting to bind on port 0 is allowed and it will
> -	 * automatically translate to binding on the related port range.
> +	 * or ``LANDLOCK_ACCESS_NET_BIND_UDP`` right means that requesting to
> +	 * bind on port 0 is allowed and it will automatically translate to
> +	 * binding on the related port range.
>  	 */
>  	__u64 port;
>  };

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ