Message-ID: <20250610195459.1885739-1-kuni1840@gmail.com>
Date: Tue, 10 Jun 2025 12:54:34 -0700
From: Kuniyuki Iwashima <kuni1840@...il.com>
To: kuni1840@...il.com
Cc: bluca@...ian.org, brauner@...nel.org, davem@...emloft.net, edumazet@...gle.com, horms@...nel.org, kuba@...nel.org, kuniyu@...zon.com, netdev@...r.kernel.org, pabeni@...hat.com, willemb@...gle.com
Subject: Re: [PATCH v5 net-next 5/9] net: Restrict SO_PASS{CRED,PIDFD,SEC} to AF_{UNIX,NETLINK,BLUETOOTH}.

From: Kuniyuki Iwashima <kuni1840@...il.com>
Date: Mon, 9 Jun 2025 08:55:36 -0700
> From: Luca Boccassi <bluca@...ian.org>
> Date: Mon, 09 Jun 2025 12:14:51 +0100
>
> On Mon, 2025-05-19 at 13:57 -0700, Kuniyuki Iwashima wrote:
> > > SCM_CREDENTIALS and SCM_SECURITY can be recv()ed by calling
> > > scm_recv() or scm_recv_unix(), and SCM_PIDFD is only used by
> > > scm_recv_unix().
> > >
> > > scm_recv() is called from AF_NETLINK and AF_BLUETOOTH.
> > >
> > > scm_recv_unix() is literally called from AF_UNIX.
> > >
> > > Let's restrict SO_PASSCRED and SO_PASSSEC to such sockets and
> > > SO_PASSPIDFD to AF_UNIX only.
> > >
> > > Later, SOCK_PASS{CRED,PIDFD,SEC} will be moved to struct sock
> > > and united with another field.
> > >
> > > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > > Reviewed-by: Willem de Bruijn <willemb@...gle.com>
> > > ---
> > > v3:
> > > * Return -EOPNOTSUPP in getsockopt() too
> > > * Add CONFIG_SECURITY_NETWORK check for SO_PASSSEC
> > >
> > > diff --git a/net/core/sock.c b/net/core/sock.c
> > > index d7d6d3a8efe5..fd5f9d3873c1 100644
> > > --- a/net/core/sock.c
> > > +++ b/net/core/sock.c
> > > @@ -1221,12 +1221,21 @@ int sk_setsockopt(struct sock *sk, int level,
> > > int optname,
> > > }
> > > return -EPERM;
> > > case SO_PASSSEC:
> > > + if (!IS_ENABLED(CONFIG_SECURITY_NETWORK) ||
> > > sk_may_scm_recv(sk))
> > > + return -EOPNOTSUPP;
> >
> > Hi,
> >
> > Was this one meant to be !sk_may_scm_recv(sk) like in getsockopt below
> > by any chance?
>
> Oops, but the next patch happened to fix it.
>
> Will try to reproduce it.
>
>
> > We have a report that this is breaking AF_UNIX sockets with 6.16~rc1:
> >
> > [ 1.763019] systemd[1]: systemd-journald-dev-log.socket: SO_PASSSEC
> > failed: Operation not supported
> > [ 1.763102] systemd[1]: systemd-journald.socket: SO_PASSSEC failed:
> > Operation not supported
> > [ 1.763121] systemd[1]: systemd-journald.socket: SO_PASSSEC failed:
> > Operation not supported

This was just a warning and nothing broken as mentioned in the thread below.

> > https://github.com/systemd/systemd/issues/37783
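Review bot: the condition added under `case SO_PASSSEC:` in the sk_setsockopt() hunk is inverted: `if (!IS_ENABLED(CONFIG_SECURITY_NETWORK) || sk_may_scm_recv(sk)) return -EOPNOTSUPP;` rejects exactly the families the commit message says the option should be restricted to (AF_UNIX, AF_NETLINK, AF_BLUETOOTH) and lets every other family through, which is consistent with the quoted systemd-journald "SO_PASSSEC failed: Operation not supported" messages on AF_UNIX sockets; it should be `!sk_may_scm_recv(sk)`, matching the getsockopt() check the reply refers to, and the fix should land in this patch rather than relying on the next one so the series stays bisectable. The v3 note "Add CONFIG_SECURITY_NETWORK check for SO_PASSSEC" would also be clearer if the changelog stated outright that SO_PASSSEC now returns -EOPNOTSUPP on kernels built without CONFIG_SECURITY_NETWORK, since that is a second, intended source of the same error userspace logs.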