| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAVpQUCF3uES6j22P1TYzgKByw+E4EqpM=+OFyqtRGStGWxH+Q@mail.gmail.com> Date: Sun, 4 Jan 2026 23:46:46 -0800 From: Kuniyuki Iwashima <kuniyu@...gle.com> To: Justin Suess <utilityemal77@...il.com> Cc: Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E . Hallyn" <serge@...lyn.com>, Simon Horman <horms@...nel.org>, Mickaël Salaün <mic@...ikod.net>, Günther Noack <gnoack@...gle.com>, linux-security-module@...r.kernel.org, Tingmao Wang <m@...wtm.org>, netdev@...r.kernel.org Subject: Re: [RFC PATCH 0/1] lsm: Add hook unix_path_connect On Wed, Dec 31, 2025 at 1:33 PM Justin Suess <utilityemal77@...il.com> wrote: > > Hi, > > This patch introduces a new LSM hook unix_path_connect. > > The idea for this patch and the hook came from Günther Noack, who > is cc'd. Much credit to him for the idea and discussion. > > This patch is based on the lsm next branch. > > Motivation > --- > > For AF_UNIX sockets bound to a filesystem path (aka named sockets), one > identifying object from a policy perspective is the path passed to > connect(2). However, this operation currently restricts LSMs that rely > on VFS-based mediation, because the pathname resolved during connect() > is not preserved in a form visible to existing hooks before connection > establishment. Why can't LSM use unix_sk(other)->path in security_unix_stream_connect() and security_unix_may_send() ? > As a result, LSMs such as Landlock cannot currently > restrict connections to named UNIX domain sockets by their VFS path. > > This gap has been discussed previously (e.g. in the context of Landlock's > path-based access controls). [1] [2] > > I've cc'd the netdev folks as well on this, as the placement of this hook is > important and in a core unix socket function. > > Design Choices > --- > > The hook is called in net/unix/af_unix.c in the function unix_find_bsd(). > > The hook takes a single parameter, a const struct path* to the named unix > socket to which the connection is being established. > > The hook takes place after normal permissions checks, and after the > inode is determined to be a socket. It however, takes place before > the socket is actually connected to. > > If the hook returns non-zero it will do a put on the path, and return. > > References > --- > > [1]: https://github.com/landlock-lsm/linux/issues/36#issue-2354007438 > [2]: https://lore.kernel.org/linux-security-module/cover.1767115163.git.m@maowtm.org/ > > Kind Regards, > Justin Suess > > Justin Suess (1): > lsm: Add hook unix_path_connect > > include/linux/lsm_hook_defs.h | 1 + > include/linux/security.h | 6 ++++++ > net/unix/af_unix.c | 8 ++++++++ > security/security.c | 16 ++++++++++++++++ > 4 files changed, 31 insertions(+) > > > base-commit: 1c0860d4415d52f3ad1c8e0a15c1272869278a06 > -- > 2.51.0 >
Powered by blists - more mailing lists