From: Venkat Yekkirala <vyekkirala@TrustedCS.com>
To: selinux@tycho.nsa.gov
Cc: jmorris@namei.org, sds@tycho.nsa.gov, paul.moore@hp.com,
	eparis@redhat.com, sgrubb@redhat.com, jbrindle@tresys.com
Subject: [PATCH 1/1] selinux: Null-out secmark after use - V.02
Date: Fri, 06 Oct 2006 16:49:39 -0500	[thread overview]
Message-ID: <4526CF73.1070200@trustedcs.com> (raw)

This nulls out the secmark field on the skb after
we are done with ALL the access checks in the postroute_last
hook to handle the case where multicast packets that we send
might be arriving back to us on a non-loopback device. This
would cause the flow_in hook to use the secmark on the skb
(ostensibly from the originating socket) as a security point
context, which it isn't.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
---
Right sign-off this time :)

--- net-2.6.sid6/security/selinux/hooks.c	2006-10-03 16:43:21.000000000 -0500
+++ net-2.6/security/selinux/hooks.c	2006-10-06 16:18:55.000000000 -0500
@@ -3903,6 +3903,22 @@ static unsigned int selinux_ip_postroute
 		}
 		err = avc_has_perm(skb->secmark, SECINITSID_NETMSG,
 				   SECCLASS_PACKET, PACKET__FLOW_OUT, &ad);
+
+		if (skb->secmark  && skb->dev != &loopback_dev)
+			/*
+			 * Our multicast packets could get copied back
+			 * to us, arriving on a non-loopback device.
+			 * Leaving the secmark intact here will cause it
+			 * to be used as a security point context in
+			 * the flow_in hook above while it's not in fact
+			 * a security point context.
+			 *
+			 * We may be able to retain this marking if
+			 * we can reliably determine that it was a local
+			 * packet although it arrived on a non-loopback
+			 * device, in the flow_in hook above.
+			 */
+			skb->secmark = SECSID_NULL;
 	}
 out:
 	return err ? NF_DROP : NF_ACCEPT;
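Review bot: the block comment is placed between the `if` condition and its lone statement (`if (skb->secmark  && skb->dev != &loopback_dev)` ... `skb->secmark = SECSID_NULL;`), which makes the conditional hard to scan and invites a later edit to slip a second statement in without braces; move the comment above the `if`, and drop the doubled space in `skb->secmark  &&`. The clearing also runs regardless of the `err` just returned by `avc_has_perm()`; that is harmless since a non-zero `err` yields `NF_DROP` at `out:`, but a one-line note in the changelog saying the mark is dropped unconditionally after the last check would make the intent explicit.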
