* [PATCH 1/1] selinux: Null-out secmark after use - V.02
From: Venkat Yekkirala @ 2006-10-06 21:49 UTC (permalink / raw)
To: selinux; +Cc: jmorris, sds, paul.moore, eparis, sgrubb, jbrindle
This nulls out the secmark field on the skb after
we are done with ALL the access checks in the postroute_last
hook to handle the case where multicast packets that we send
might be arriving back to us on a non-loopback device. This
would cause the flow_in hook to use the secmark on the skb
(ostensibly from the originating socket) as a security point
context, which it isn't.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
---
Right sign-off this time :)
--- net-2.6.sid6/security/selinux/hooks.c 2006-10-03 16:43:21.000000000 -0500
+++ net-2.6/security/selinux/hooks.c 2006-10-06 16:18:55.000000000 -0500
@@ -3903,6 +3903,22 @@ static unsigned int selinux_ip_postroute
}
err = avc_has_perm(skb->secmark, SECINITSID_NETMSG,
SECCLASS_PACKET, PACKET__FLOW_OUT, &ad);
+
+ if (skb->secmark && skb->dev != &loopback_dev)
+ /*
+ * Our multicast packets could get copied back
+ * to us, arriving on a non-loopback device.
+ * Leaving the secmark intact here will cause it
+ * to be used as a security point context in
+ * the flow_in hook above while it's not in fact
+ * a security point context.
+ *
+ * We may be able to retain this marking if
+ * we can reliably determine that it was a local
+ * packet although it arrived on a non-loopback
+ * device, in the flow_in hook above.
+ */
+ skb->secmark = SECSID_NULL;
}
out:
return err ? NF_DROP : NF_ACCEPT;
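Review bot: the body of `if (skb->secmark && skb->dev != &loopback_dev)` is the single unbraced statement `skb->secmark = SECSID_NULL;`, yet a thirteen-line block comment sits between the condition and that statement, so the guard and the store it protects are far apart and a later edit that adds a second line under the comment would silently land outside the `if`; move the comment above the `if` (or brace the body) so the condition and `skb->secmark = SECSID_NULL;` stay adjacent. Minor: the `skb->secmark &&` half of the condition only avoids re-storing a null sid into a field that is already null, which is a harmless write, so the condition could be reduced to the device check, which is the one that carries the meaning the comment describes.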
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: [PATCH 1/1] selinux: Null-out secmark after use - V.02
From: James Morris @ 2006-10-07 14:41 UTC (permalink / raw)
To: Venkat Yekkirala; +Cc: selinux, sds, paul.moore, eparis, sgrubb, jbrindle
On Fri, 6 Oct 2006, Venkat Yekkirala wrote:
> This nulls out the secmark field on the skb after
This doesn't apply to an upstream tree.
Please indicate which tree it is for and also whether you want it applied
or reviewed.
- James
--
James Morris
<jmorris@namei.org>