| Message ID | 1262437456-24476-3-git-send-email-sam@synack.fr |
|---|---|
| State | RFC, archived |
| Delegated to: | David Miller |
| Headers | show |
Quoting Samir Bellabes (sam@synack.fr): > This reverts commit 8651d5c0b1f874c5b8307ae2b858bc40f9f02482. > > snet needs to reintroduce this hook, as it was designed to be: a hook for > updating security informations on objects. > > Signed-off-by: Samir Bellabes <sam@synack.fr> Acked-by: Serge Hallyn <serue@us.ibm.com> (contingent of course on the proposed user actually going in :) > --- > include/linux/security.h | 13 +++++++++++++ > net/socket.c | 2 ++ > security/capability.c | 5 +++++ > security/security.c | 5 +++++ > 4 files changed, 25 insertions(+), 0 deletions(-) > > diff --git a/include/linux/security.h b/include/linux/security.h > index 275dd04..c12a286 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -931,6 +931,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) > * @sock contains the listening socket structure. > * @newsock contains the newly created server socket for connection. > * Return 0 if permission is granted. > + * @socket_post_accept: > + * This hook allows a security module to copy security > + * information into the newly created socket's inode. > + * @sock contains the listening socket structure. > + * @newsock contains the newly created server socket for connection. > * @socket_sendmsg: > * Check permission before transmitting a message to another socket. > * @sock contains the socket structure. > @@ -1667,6 +1672,8 @@ struct security_operations { > struct sockaddr *address, int addrlen); > int (*socket_listen) (struct socket *sock, int backlog); > int (*socket_accept) (struct socket *sock, struct socket *newsock); > + void (*socket_post_accept) (struct socket *sock, > + struct socket *newsock); > int (*socket_sendmsg) (struct socket *sock, > struct msghdr *msg, int size); > int (*socket_recvmsg) (struct socket *sock, > @@ -2689,6 +2696,7 @@ int security_socket_bind(struct socket *sock, struct sockaddr *address, int addr > int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); > int security_socket_listen(struct socket *sock, int backlog); > int security_socket_accept(struct socket *sock, struct socket *newsock); > +void security_socket_post_accept(struct socket *sock, struct socket *newsock); > int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); > int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, > int size, int flags); > @@ -2771,6 +2779,11 @@ static inline int security_socket_accept(struct socket *sock, > return 0; > } > > +static inline void security_socket_post_accept(struct socket *sock, > + struct socket *newsock) > +{ > +} > + > static inline int security_socket_sendmsg(struct socket *sock, > struct msghdr *msg, int size) > { > diff --git a/net/socket.c b/net/socket.c > index 8984973..fcd4f2b 100644 > --- a/net/socket.c > +++ b/net/socket.c > @@ -1557,6 +1557,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, > fd_install(newfd, newfile); > err = newfd; > > + security_socket_post_accept(sock, newsock); > + > out_put: > fput_light(sock->file, fput_needed); > out: > diff --git a/security/capability.c b/security/capability.c > index a9810dc..61eae40 100644 > --- a/security/capability.c > +++ b/security/capability.c > @@ -641,6 +641,10 @@ static int cap_socket_accept(struct socket *sock, struct socket *newsock) > return 0; > } > > +static void cap_socket_post_accept(struct socket *sock, struct socket *newsock) > +{ > +} > + > static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) > { > return 0; > @@ -1081,6 +1085,7 @@ void security_fixup_ops(struct security_operations *ops) > set_to_cap_if_null(ops, socket_connect); > set_to_cap_if_null(ops, socket_listen); > set_to_cap_if_null(ops, socket_accept); > + set_to_cap_if_null(ops, socket_post_accept); > set_to_cap_if_null(ops, socket_sendmsg); > set_to_cap_if_null(ops, socket_recvmsg); > set_to_cap_if_null(ops, socket_getsockname); > diff --git a/security/security.c b/security/security.c > index 7457ed5..20ae0b8 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -1084,6 +1084,11 @@ int security_socket_accept(struct socket *sock, struct socket *newsock) > return security_ops->socket_accept(sock, newsock); > } > > +void security_socket_post_accept(struct socket *sock, struct socket *newsock) > +{ > + security_ops->socket_post_accept(sock, newsock); > +} > + > int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) > { > return security_ops->socket_sendmsg(sock, msg, size); > -- > 1.6.3.3 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Serge E. Hallyn wrote: > Quoting Samir Bellabes (sam@synack.fr): > > This reverts commit 8651d5c0b1f874c5b8307ae2b858bc40f9f02482. > > > > snet needs to reintroduce this hook, as it was designed to be: a hook for > > updating security informations on objects. > > > > Signed-off-by: Samir Bellabes <sam@synack.fr> > > Acked-by: Serge Hallyn <serue@us.ibm.com> > > (contingent of course on the proposed user actually going in :) > > > diff --git a/net/socket.c b/net/socket.c > > index 8984973..fcd4f2b 100644 > > --- a/net/socket.c > > +++ b/net/socket.c > > @@ -1557,6 +1557,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, > > fd_install(newfd, newfile); > > err = newfd; > > > > + security_socket_post_accept(sock, newsock); > > + > > out_put: > > fput_light(sock->file, fput_needed); > > out: I think we should call security_socket_post_accept() before fd_install(). Otherwise, other threads which share fd tables can use security-informations-not-yet-updated accept()ed sockets. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Quoting Tetsuo Handa (penguin-kernel@I-love.SAKURA.ne.jp): > Serge E. Hallyn wrote: > > Quoting Samir Bellabes (sam@synack.fr): > > > This reverts commit 8651d5c0b1f874c5b8307ae2b858bc40f9f02482. > > > > > > snet needs to reintroduce this hook, as it was designed to be: a hook for > > > updating security informations on objects. > > > > > > Signed-off-by: Samir Bellabes <sam@synack.fr> > > > > Acked-by: Serge Hallyn <serue@us.ibm.com> > > > > (contingent of course on the proposed user actually going in :) > > > > > diff --git a/net/socket.c b/net/socket.c > > > index 8984973..fcd4f2b 100644 > > > --- a/net/socket.c > > > +++ b/net/socket.c > > > @@ -1557,6 +1557,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, > > > fd_install(newfd, newfile); > > > err = newfd; > > > > > > + security_socket_post_accept(sock, newsock); > > > + > > > out_put: > > > fput_light(sock->file, fput_needed); > > > out: > > I think we should call security_socket_post_accept() before fd_install(). > Otherwise, other threads which share fd tables can use > security-informations-not-yet-updated accept()ed sockets. That makes sense. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/linux/security.h b/include/linux/security.h index 275dd04..c12a286 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -931,6 +931,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @sock contains the listening socket structure. * @newsock contains the newly created server socket for connection. * Return 0 if permission is granted. + * @socket_post_accept: + * This hook allows a security module to copy security + * information into the newly created socket's inode. + * @sock contains the listening socket structure. + * @newsock contains the newly created server socket for connection. * @socket_sendmsg: * Check permission before transmitting a message to another socket. * @sock contains the socket structure. @@ -1667,6 +1672,8 @@ struct security_operations { struct sockaddr *address, int addrlen); int (*socket_listen) (struct socket *sock, int backlog); int (*socket_accept) (struct socket *sock, struct socket *newsock); + void (*socket_post_accept) (struct socket *sock, + struct socket *newsock); int (*socket_sendmsg) (struct socket *sock, struct msghdr *msg, int size); int (*socket_recvmsg) (struct socket *sock, @@ -2689,6 +2696,7 @@ int security_socket_bind(struct socket *sock, struct sockaddr *address, int addr int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); int security_socket_listen(struct socket *sock, int backlog); int security_socket_accept(struct socket *sock, struct socket *newsock); +void security_socket_post_accept(struct socket *sock, struct socket *newsock); int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags); @@ -2771,6 +2779,11 @@ static inline int security_socket_accept(struct socket *sock, return 0; } +static inline void security_socket_post_accept(struct socket *sock, + struct socket *newsock) +{ +} + static inline int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { diff --git a/net/socket.c b/net/socket.c index 8984973..fcd4f2b 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1557,6 +1557,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; + security_socket_post_accept(sock, newsock); + out_put: fput_light(sock->file, fput_needed); out: diff --git a/security/capability.c b/security/capability.c index a9810dc..61eae40 100644 --- a/security/capability.c +++ b/security/capability.c @@ -641,6 +641,10 @@ static int cap_socket_accept(struct socket *sock, struct socket *newsock) return 0; } +static void cap_socket_post_accept(struct socket *sock, struct socket *newsock) +{ +} + static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { return 0; @@ -1081,6 +1085,7 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, socket_connect); set_to_cap_if_null(ops, socket_listen); set_to_cap_if_null(ops, socket_accept); + set_to_cap_if_null(ops, socket_post_accept); set_to_cap_if_null(ops, socket_sendmsg); set_to_cap_if_null(ops, socket_recvmsg); set_to_cap_if_null(ops, socket_getsockname); diff --git a/security/security.c b/security/security.c index 7457ed5..20ae0b8 100644 --- a/security/security.c +++ b/security/security.c @@ -1084,6 +1084,11 @@ int security_socket_accept(struct socket *sock, struct socket *newsock) return security_ops->socket_accept(sock, newsock); } +void security_socket_post_accept(struct socket *sock, struct socket *newsock) +{ + security_ops->socket_post_accept(sock, newsock); +} + int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { return security_ops->socket_sendmsg(sock, msg, size);
This reverts commit 8651d5c0b1f874c5b8307ae2b858bc40f9f02482. snet needs to reintroduce this hook, as it was designed to be: a hook for updating security informations on objects. Signed-off-by: Samir Bellabes <sam@synack.fr> --- include/linux/security.h | 13 +++++++++++++ net/socket.c | 2 ++ security/capability.c | 5 +++++ security/security.c | 5 +++++ 4 files changed, 25 insertions(+), 0 deletions(-)