lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241017110454.265818-1-ivanov.mikhail1@huawei-partners.com>
Date: Thu, 17 Oct 2024 19:04:46 +0800
From: Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>
To: <mic@...ikod.net>, <gnoack@...gle.com>
CC: <willemdebruijn.kernel@...il.com>, <matthieu@...fet.re>,
	<linux-security-module@...r.kernel.org>, <netdev@...r.kernel.org>,
	<netfilter-devel@...r.kernel.org>, <yusongping@...wei.com>,
	<artem.kuzin@...wei.com>, <konstantin.meskhidze@...wei.com>
Subject: [RFC PATCH v2 0/8] Fix non-TCP restriction and inconsistency of TCP errors

Hello!
This patchset provides two general fixes for TCP Landlock hooks:

First one fixes incorrect restriction of non-TCP bind/connect actions.
There is two commits related to testing MPTCP and SCTP protocols which were
incorrectly restricted. SCTP implementation has invalid check for minimal
address length in bind(2) call [1], therefore commit with SCTP testing can be
applied later after necessary SCTP fixes.

[1] https://lore.kernel.org/all/20241004.Hohpheipieh2@digikod.net/
Closes: https://github.com/landlock-lsm/linux/issues/40

Second one fixes inconsistency of errors in bind and connect hooks for
TCP sockets. It provides per-operation helpers, which consist of a set
of checks from the TCP network stack. Due to TCP connect(2) implementation
it's not possible to obtain full consistency, but the unhandled cases are
rather special scenarios that should almost should not normally appear.
Two new tests were implemented to validate errors consistency.

Diffs of second and third commits were unreadable, so I've decided to
rewrite net.c file to simplify reviewing process.

Code coverage
=============
Code coverage(gcov) report with the launch of net_test selftest:
 * security/landlock/net.c:
lines......: 98.8% (79 of 80 lines)
functions..: 100% (8 of 8 functions)

One uncovered line is documented in check_tcp_connect_consistency_and_get_port().

General changes
===============
 * Rebases on current linux-mic/next (based on Linux v6.12-rc3)
 * Fixes inconsistency of TCP actions errors and implements two related
   tests.
 * Removes SMC test suits.
 * Adds separate commit for SCTP test suits.
 * Adds test suits of protocol fixture for sockets created with
   protocol=IPPROTO_TCP (C.f. socket(2)).

Previous versions
=================
v1: https://lore.kernel.org/all/20241003143932.2431249-1-ivanov.mikhail1@huawei-partners.com/

Mikhail Ivanov (8):
  landlock: Fix non-TCP sockets restriction
  landlock: Make network stack layer checks explicit for each TCP action
  landlock: Fix inconsistency of errors for TCP actions
  selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP
  selftests/landlock: Test that MPTCP actions are not restricted
  selftests/landlock: Test consistency of errors for TCP actions
  landlock: Add note about errors consistency in documentation
  selftests/landlock: Test that SCTP actions are not restricted

 Documentation/userspace-api/landlock.rst    |   3 +-
 security/landlock/net.c                     | 501 +++++++++++-------
 tools/testing/selftests/landlock/common.h   |   1 +
 tools/testing/selftests/landlock/config     |   4 +
 tools/testing/selftests/landlock/net_test.c | 532 ++++++++++++++++++--
 5 files changed, 825 insertions(+), 216 deletions(-)
 rewrite security/landlock/net.c (36%)


base-commit: fe76bd133024aaef12d12a7d58fa3e8d138d3bf3
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ