Message-ID: <CAHC9VhQHZCe0LMx4xzSo-h1SWY489U4frKYnxu4YVrcJN3x7nA@mail.gmail.com>
Date: Thu, 15 Jan 2026 16:46:00 -0500
From: Paul Moore <paul@...l-moore.com>
To: Günther Noack <gnoack3000@...il.com>
Cc: Christian Brauner <brauner@...nel.org>, Justin Suess <utilityemal77@...il.com>,
Mickaël Salaün <mic@...ikod.net>,
James Morris <jmorris@...ei.org>, "Serge E . Hallyn" <serge@...lyn.com>,
linux-security-module@...r.kernel.org, Tingmao Wang <m@...wtm.org>,
Samasth Norway Ananda <samasth.norway.ananda@...cle.com>, Matthieu Buffet <matthieu@...fet.re>,
Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>, konstantin.meskhidze@...wei.com,
Demi Marie Obenour <demiobenour@...il.com>, Alyssa Ross <hi@...ssa.is>, Jann Horn <jannh@...gle.com>,
Tahera Fahimi <fahimitahera@...il.com>, Simon Horman <horms@...nel.org>, netdev@...r.kernel.org,
Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH v2 1/5] lsm: Add hook unix_path_connect

On Thu, Jan 15, 2026 at 5:10 AM Günther Noack <gnoack3000@...il.com> wrote:
> On Tue, Jan 13, 2026 at 06:27:15PM -0500, Paul Moore wrote:
> > On Tue, Jan 13, 2026 at 4:34 AM Christian Brauner <brauner@...nel.org> wrote:
> > > On Sat, Jan 10, 2026 at 03:32:57PM +0100, Günther Noack wrote:
> > > > From: Justin Suess <utilityemal77@...il.com>
> > > >
> > > > Adds an LSM hook unix_path_connect.
> > > >
> > > > This hook is called to check the path of a named unix socket before a
> > > > connection is initiated.
> > > >
> > > > Cc: Günther Noack <gnoack3000@...il.com>
> > > > Signed-off-by: Justin Suess <utilityemal77@...il.com>
> > > > ---
> > > > include/linux/lsm_hook_defs.h | 4 ++++
> > > > include/linux/security.h | 11 +++++++++++
> > > > net/unix/af_unix.c | 9 +++++++++
> > > > security/security.c | 20 ++++++++++++++++++++
> > > > 4 files changed, 44 insertions(+)
...
> On the other side, I see the following drawbacks:
>
> * The more serious surgery in af_unix, which Paul also discussed:

Not to take away from what Günther already mentioned, but my concern
about extending the path beyond the unix_find_bsd() function for the
sake of the LSM is that history has shown that the easiest (this is
very much a relative statement) approach towards acceptance of a new
LSM hook is to keep the addition/patch as small as possible while
still being useful. Making the addition of a new LSM hook dependent
on significant changes outside of the security/ directory often
results in failure.

> Overall, I am not convinced that using pre-existing hooks is the right
> way and I would prefer the approach where we have a more dedicated LSM
> hook for the path lookup.
>
> Does that seem reasonable? Let me know what you think.

I believe it's definitely the "path" (sorry) of least resistance.
--
paul-moore.com