Message ID | 1300840717-4413-1-git-send-email-pekane52@gmail.com |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
From: Pat Kane <pekane52@gmail.com> Date: Tue, 22 Mar 2011 19:38:37 -0500 > The unix_dgram routines add secdata to socket messages, > but the unix_stream routines do not. I have added the > two missing lines of code. > > Signed-off-by: Pat Kane <pekane52@gmail.com> The security hooks appear to be only intended to operate on datagram sockets, and as such I think the omission of UNIX stream sockets was very much on purpose. The SELINUX hook implementations even have "_dgram()" in their names. Catherine Zhang added to CC: as she last made modifications to these hooks. > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > index 1663e1a..8753cdd 100644 > --- a/net/unix/af_unix.c > +++ b/net/unix/af_unix.c > @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, > max_level = err + 1; > fds_sent = true; > > + unix_get_secdata(siocb->scm, skb); > + > err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); > if (err) { > kfree_skb(skb); > @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, > } else { > /* Copy credentials */ > scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); > + unix_set_secdata(siocb->scm, skb); > check_creds = 1; > } > > -- > 1.7.1 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote: > From: Pat Kane <pekane52@gmail.com> > Date: Tue, 22 Mar 2011 19:38:37 -0500 > > > The unix_dgram routines add secdata to socket messages, > > but the unix_stream routines do not. I have added the > > two missing lines of code. > > > > Signed-off-by: Pat Kane <pekane52@gmail.com> > > The security hooks appear to be only intended to operate on datagram > sockets, and as such I think the omission of UNIX stream sockets was > very much on purpose. > > The SELINUX hook implementations even have "_dgram()" in their names. > > Catherine Zhang added to CC: as she last made modifications to these > hooks. And I'll add Paul Moore as I think he understands the intersection of /net and /security better than anyone. > > > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > > index 1663e1a..8753cdd 100644 > > --- a/net/unix/af_unix.c > > +++ b/net/unix/af_unix.c > > @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, > > max_level = err + 1; > > fds_sent = true; > > > > + unix_get_secdata(siocb->scm, skb); > > + > > err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); > > if (err) { > > kfree_skb(skb); > > @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, > > } else { > > /* Copy credentials */ > > scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); > > + unix_set_secdata(siocb->scm, skb); > > check_creds = 1; > > } > > > > -- > > 1.7.1 > > > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > > the body of a message to majordomo@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 3/23/2011 8:57 AM, Eric Paris wrote: > On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote: >> From: Pat Kane <pekane52@gmail.com> >> Date: Tue, 22 Mar 2011 19:38:37 -0500 >> >>> The unix_dgram routines add secdata to socket messages, >>> but the unix_stream routines do not. I have added the >>> two missing lines of code. >>> >>> Signed-off-by: Pat Kane <pekane52@gmail.com> >> The security hooks appear to be only intended to operate on datagram >> sockets, and as such I think the omission of UNIX stream sockets was >> very much on purpose. >> >> The SELINUX hook implementations even have "_dgram()" in their names. >> >> Catherine Zhang added to CC: as she last made modifications to these >> hooks. > And I'll add Paul Moore as I think he understands the intersection > of /net and /security better than anyone. Paul is definitely the man on this. I've also added the LSM list, as while SELinux is the only current user of secdata that may not always be the case. >>> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c >>> index 1663e1a..8753cdd 100644 >>> --- a/net/unix/af_unix.c >>> +++ b/net/unix/af_unix.c >>> @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, >>> max_level = err + 1; >>> fds_sent = true; >>> >>> + unix_get_secdata(siocb->scm, skb); >>> + >>> err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); >>> if (err) { >>> kfree_skb(skb); 
>>> @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, >>> } else { >>> /* Copy credentials */ >>> scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); >>> + unix_set_secdata(siocb->scm, skb); >>> check_creds = 1; >>> } >>> >>> -- >>> 1.7.1 >>> >>> -- >>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in >>> the body of a message to majordomo@vger.kernel.org >>> More majordomo info at http://vger.kernel.org/majordomo-info.html >>> Please read the FAQ at http://www.tux.org/lkml/ > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
>> On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote:
>>> The SELINUX hook implementations even have "_dgram()" in their names.

The LSM hook that I am having problems with, and that the patch fixes
is "secid_to_secctx()" not "socket_getpeersec_dgram()".

Pat
---
On Wednesday, March 23, 2011 4:23:35 PM Pat Kane wrote:
> >> On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote:
> >>> The SELINUX hook implementations even have "_dgram()" in their names.
>
> The LSM hook that I am having problems with, and that the patch fixes
> is "secid_to_secctx()" not "socket_getpeersec_dgram()".

Can you explain the problem you are having? I'm specifically interested
in who is calling secid_to_secctx() on an AF_UNIX stream packet.

Adding the secid token to an AF_UNIX stream packet isn't likely to be the
right solution, although until we hear what the core problem is, I'm not
sure we can offer any fixes.

-- 
paul moore
linux @ hp
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 1663e1a..8753cdd 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, max_level = err + 1; fds_sent = true; + unix_get_secdata(siocb->scm, skb); + err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); if (err) { kfree_skb(skb); @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, } else { /* Copy credentials */ scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); + unix_set_secdata(siocb->scm, skb); check_creds = 1; }
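Review bot: the unix_get_secdata(siocb->scm, skb) call added after fds_sent = true in unix_stream_sendmsg() comes with no justification beyond "the dgram routines do it", and both replies in this thread (David Miller, Paul Moore) state that the stream omission was deliberate and ask which caller of secid_to_secctx() needs a secid on a stream skb; the commit message should name that caller and the failure actually observed, and explain why a per-skb label is the right fix for a byte-stream socket rather than a per-connection one. Placement-wise the call sits with the per-skb bookkeeping (max_level, fds_sent) and ahead of memcpy_fromiovec(), and the existing kfree_skb(skb) error path still frees the skb on failure, so nothing further is needed there once the rationale is supplied.

Review bot: unix_set_secdata(siocb->scm, skb) is added only in the else branch that runs while check_creds is still 0, i.e. for the first skb consumed by this recvmsg() call, beside scm_set_cred(); any later skb merged into the same read is accepted or rejected by the check_creds comparison above this hunk, and with a secid now carried per skb that comparison should also refuse an skb whose stored secid differs from the one already copied into siocb->scm, otherwise the single secid returned to the reader need not describe every byte it received. The commit message should also say whether a secid is now expected on every stream skb: an skb queued before this change, or by a sender without it, carries whatever the control block holds by default, and the receive side should be shown to handle that value sanely.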
The unix_dgram routines add secdata to socket messages,
but the unix_stream routines do not. I have added the
two missing lines of code.

Signed-off-by: Pat Kane <pekane52@gmail.com>
---
 net/unix/af_unix.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)