lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1976e40bd50.28a7.85c95baa4474aabc7814e68940a78392@paul-moore.com>
Date: Sat, 14 Jun 2025 07:43:46 -0400
From: Paul Moore <paul@...l-moore.com>
To: Kuniyuki Iwashima <kuni1840@...il.com>, Martin KaFai Lau <martin.lau@...ux.dev>, Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>, Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>
CC: Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Kumar Kartikeya Dwivedi <memxor@...il.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Mickaël Salaün <mic@...ikod.net>, Günther Noack <gnoack@...gle.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Ondrej Mosnacek <omosnace@...hat.com>, Casey Schaufler <casey@...aufler-ca.com>, Kuniyuki Iwashima <kuniyu@...gle.com>, <bpf@...r.kernel.org>, <linux-security-module@...r.kernel.org>, <selinux@...r.kernel.org>, <netdev@...r.kernel.org>
Subject: Re: [PATCH v2 bpf-next 0/4] af_unix: Allow BPF LSM to filter SCM_RIGHTS at sendmsg().


On June 13, 2025 6:24:15 PM Kuniyuki Iwashima <kuni1840@...il.com> wrote:
> From: Kuniyuki Iwashima <kuniyu@...gle.com>
>
> Since commit 77cbe1a6d873 ("af_unix: Introduce SO_PASSRIGHTS."),
> we can disable SCM_RIGHTS per socket, but it's not flexible.
>
> This series allows us to implement more fine-grained filtering for
> SCM_RIGHTS with BPF LSM.

My ability to review this over the weekend is limited due to device and 
network access, but I'll take a look next week.

That said, it would be good if you could clarify the "filtering" aspect of 
your comments; it may be obvious when I'm able to look at the full patchset 
in context, but the commit descriptions worry me that perhaps you are still 
intending on using the LSM framework to cut SCM_RIGHTS payloads from 
individual messages?  Blocking messages at send time if they contain 
SCM_RIGHTS is likely okay (pending proper implementation review), but 
modifying packets in flight in the LSM framework is not.

Also, a quick administrative note, I see you have marked this as 
"bpf-next", however given the diffstat of the proposed changes this 
patchset should go to Linus via the LSM tree and not the BPF tree.

--
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ