lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250610195459.1885739-1-kuni1840@gmail.com>
Date: Tue, 10 Jun 2025 12:54:34 -0700
From: Kuniyuki Iwashima <kuni1840@...il.com>
To: kuni1840@...il.com
Cc: bluca@...ian.org,
	brauner@...nel.org,
	davem@...emloft.net,
	edumazet@...gle.com,
	horms@...nel.org,
	kuba@...nel.org,
	kuniyu@...zon.com,
	netdev@...r.kernel.org,
	pabeni@...hat.com,
	willemb@...gle.com
Subject: Re: [PATCH v5 net-next 5/9] net: Restrict SO_PASS{CRED,PIDFD,SEC} to AF_{UNIX,NETLINK,BLUETOOTH}.

From: Kuniyuki Iwashima <kuni1840@...il.com>
Date: Mon,  9 Jun 2025 08:55:36 -0700
> From: Luca Boccassi <bluca@...ian.org>
> Date: Mon, 09 Jun 2025 12:14:51 +0100
> > On Mon, 2025-05-19 at 13:57 -0700, Kuniyuki Iwashima wrote:
> > > SCM_CREDENTIALS and SCM_SECURITY can be recv()ed by calling
> > > scm_recv() or scm_recv_unix(), and SCM_PIDFD is only used by
> > > scm_recv_unix().
> > > 
> > > scm_recv() is called from AF_NETLINK and AF_BLUETOOTH.
> > > 
> > > scm_recv_unix() is literally called from AF_UNIX.
> > > 
> > > Let's restrict SO_PASSCRED and SO_PASSSEC to such sockets and
> > > SO_PASSPIDFD to AF_UNIX only.
> > > 
> > > Later, SOCK_PASS{CRED,PIDFD,SEC} will be moved to struct sock
> > > and united with another field.
> > > 
> > > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > > Reviewed-by: Willem de Bruijn <willemb@...gle.com>
> > > ---
> > > v3:
> > >   * Return -EOPNOTSUPP in getsockopt() too
> > >   * Add CONFIG_SECURITY_NETWORK check for SO_PASSSEC
> > > 
> > > diff --git a/net/core/sock.c b/net/core/sock.c
> > > index d7d6d3a8efe5..fd5f9d3873c1 100644
> > > --- a/net/core/sock.c
> > > +++ b/net/core/sock.c
> > > @@ -1221,12 +1221,21 @@ int sk_setsockopt(struct sock *sk, int level,
> > > int optname,
> > >  		}
> > >  		return -EPERM;
> > >  	case SO_PASSSEC:
> > > +		if (!IS_ENABLED(CONFIG_SECURITY_NETWORK) ||
> > > sk_may_scm_recv(sk))
> > > +			return -EOPNOTSUPP;
> > 
> > Hi,
> > 
> > Was this one meant to be !sk_may_scm_recv(sk) like in getsockopt below
> > by any chance?
> 
> Oops, but the next patch happened to fix it.
> 
> Will try to reproduce it.
> 
> > 
> > We have a report that this is breaking AF_UNIX sockets with 6.16~rc1:
> > 
> > [    1.763019] systemd[1]: systemd-journald-dev-log.socket: SO_PASSSEC
> > failed: Operation not supported
> > [    1.763102] systemd[1]: systemd-journald.socket: SO_PASSSEC failed:
> > Operation not supported
> > [    1.763121] systemd[1]: systemd-journald.socket: SO_PASSSEC failed:
> > Operation not supported

This was just a warning and nothing broken as mentioned in the
thread below.

> > 
> > https://github.com/systemd/systemd/issues/37783

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ