Message-Id: <20241214184540.3835222-1-matthieu@buffet.re>
Date: Sat, 14 Dec 2024 19:45:34 +0100
From: Matthieu Buffet <matthieu@...fet.re>
To: Mickael Salaun <mic@...ikod.net>
Cc: Gunther Noack <gnoack@...gle.com>,
	Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>,
	konstantin.meskhidze@...wei.com,
	Paul Moore <paul@...l-moore.com>,
	James Morris <jmorris@...ei.org>,
	"Serge E . Hallyn" <serge@...lyn.com>,
	linux-security-module@...r.kernel.org,
	netdev@...r.kernel.org,
	Matthieu Buffet <matthieu@...fet.re>
Subject: [PATCH v2 0/6] landlock: Add UDP access control support

Hi Mickael,

Thanks for your comments on the v1 of this patch, I should have everything
fixed so (hopefully) this v2 boils down to something simpler.

This patchset is based on
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git
Linux 6.12 (adc218676eef).

This patchset should add basic support to completely block a process
from sending and receiving UDP datagrams, and delegate the right to
send/receive based on remote/local port. It should fit nicely with
the socket creation restrictions WIP (either don't have UDP at all, or
have it with just the rights needed).

@Mikhail: I saw the discussions around TCP error code inconsistencies +
over-restriction, and your patch v1. I took extra care to minimize this
diff size: no unnecessary comment/refactor, especially in
current_check_access_socket(). It should be just what is required for a
basic UDP support without changing error handling in that main function.

The only question that remained open from v1 was about UDP rights naming.
Since there were no strong preferences and the hooks now only handle
sendmsg() if an explicit address is specified, that's now
LANDLOCK_ACCESS_NET_UDP_SENDTO since the name (and prototype with a
destination address parameter) of sendto(3) is closer to these semantics.

Changes since v1 (link below):
- recvmsg hook is gone and sendmsg hook doesn't apply to connected
  sockets anymore, to improve performance
- don't add a get_addr_port() helper function, which required a weird "am
  I in IPv4 or IPv6 context" to avoid an addrlen>sizeof(struct sockaddr_in)
  check in connect(AF_UNSPEC) IPv6 context. A helper was useful when ports
  also needed to be read in a recvmsg() hook, now it's just a simple
  switch case in the sendmsg() hook, more readable
- rename sendmsg access right to LANDLOCK_ACCESS_NET_UDP_SENDTO
- reorder hook prologue for consistency: check domain, then type and
  family
- add additional selftests cases around minimal address length
- update documentation

lcov gives me net.c going from 94% lines/80% functions to 96.6% lines/
85.7% functions

Any feedback welcome!

Link: https://lore.kernel.org/all/20240916122230.114800-1-matthieu@buffet.re/
Closes: https://github.com/landlock-lsm/linux/issues/10

Link: https://lore.kernel.org/all/20241017110454.265818-1-ivanov.mikhail1@huawei-partners.com/
Cc: Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>

Matthieu Buffet (6):
  landlock: Add UDP bind+connect access control
  selftests/landlock: Adapt existing bind/connect for UDP
  landlock: Add UDP sendmsg access control
  selftests/landlock: Add ACCESS_NET_SENDTO_UDP
  samples/landlock: Add sandboxer UDP access control
  doc: Add landlock UDP support

 Documentation/userspace-api/landlock.rst     |  84 +++-
 include/uapi/linux/landlock.h                |  67 ++-
 samples/landlock/sandboxer.c                 |  58 ++-
 security/landlock/limits.h                   |   2 +-
 security/landlock/net.c                      | 137 +++++-
 security/landlock/syscalls.c                 |   2 +-
 tools/testing/selftests/landlock/base_test.c |   2 +-
 tools/testing/selftests/landlock/net_test.c  | 455 +++++++++++++++++--
 8 files changed, 715 insertions(+), 92 deletions(-)


base-commit: adc218676eef25575469234709c2d87185ca223a
-- 
2.39.5
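
The address handling described in the changelog above (a per-family switch with a minimal address length check, applied only when the caller passes an explicit destination), modelled in user space. This is an added example, not code from the patch series: dest_port(), check_sendto(), the allow-list, the error codes and the 24-byte IPv6 minimum are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical model, not patch code: 1 = no explicit address, 0 = *port set, <0 = errno. */
int dest_port(const void *addr, socklen_t len, uint16_t *port)
{
	sa_family_t family;
	uint16_t be_port;
	size_t min_len, off;
	if (addr == NULL || len == 0)
		return 1; /* connected-socket style send: nothing to check here */
	if (len < offsetof(struct sockaddr, sa_data))
		return -EINVAL; /* too short to hold sa_family */
	memcpy(&family, (const char *)addr + offsetof(struct sockaddr, sa_family), sizeof(family));
	switch (family) {
	case AF_INET:
		min_len = sizeof(struct sockaddr_in);
		off = offsetof(struct sockaddr_in, sin_port);
		break;
	case AF_INET6: /* assumed minimum: 24-byte layout without sin6_scope_id */
		min_len = offsetof(struct sockaddr_in6, sin6_scope_id);
		off = offsetof(struct sockaddr_in6, sin6_port);
		break;
	default: /* other families, AF_UNSPEC included, are outside this model */
		return -EAFNOSUPPORT;
	}
	if (len < min_len)
		return -EINVAL; /* never read a port from a truncated address */
	memcpy(&be_port, (const char *)addr + off, sizeof(be_port));
	*port = ntohs(be_port); /* convert to host byte order for comparison */
	return 0;
}

/* Constructed allow-list check: 0 = allowed or not checked, -EACCES = denied. */
int check_sendto(const void *addr, socklen_t len, const uint16_t *allowed, size_t n)
{
	uint16_t port;
	int ret = dest_port(addr, len, &port);
	if (ret != 0)
		return ret == 1 ? 0 : ret;
	for (size_t i = 0; i < n; i++)
		if (allowed[i] == port)
			return 0;
	return -EACCES;
}
```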

