From: Casey Schaufler <casey@schaufler-ca.com>
To: Zbigniew Jasinski <z.jasinski@samsung.com>
Cc: James Morris <james.l.morris@oracle.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH] smack: Fix a bidirectional UDS connect check typo
Date: Tue, 30 Dec 2014 09:07:54 -0800
Message-ID: <54A2DBEA.2060509@schaufler-ca.com>
In-Reply-To: <1419863698-29558-1-git-send-email-z.jasinski@samsung.com>

On 12/29/2014 6:34 AM, Zbigniew Jasinski wrote:
> The 54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a
> bidirectional check that should have checked for mutual WRITE access
> between two labels. Due to a typo subject's OUT label is checked with
> object's OUT. Should be OUT to IN.
>
> Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>

Applied to git://git.gitorious.org/smack-next/kernel.git#smack-for-3.20

> ---
>  security/smack/smack_lsm.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index b774029..30f61f8 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -3313,7 +3313,7 @@ static int smack_unix_stream_connect(struct sock *sock,
>  
>  	if (!smack_privileged(CAP_MAC_OVERRIDE)) {
>  		skp = ssp->smk_out;
> -		okp = osp->smk_out;
> +		okp = osp->smk_in;
>  #ifdef CONFIG_AUDIT
>  		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
>  		smk_ad_setfield_u_net_sk(&ad, other);
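
Review bot: Missing comment at the `skp`/`okp` assignments: nothing here says that this first check is the connecting socket's outbound label (`ssp->smk_out`) writing to the peer's inbound label (`osp->smk_in`), which is the pairing the original typo got wrong. A one-line comment above `skp = ssp->smk_out;` stating the direction would make a repeat of the mistake easier to catch in review.
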
> @@ -3321,6 +3321,8 @@ static int smack_unix_stream_connect(struct sock *sock,
>  		rc = smk_access(skp, okp, MAY_WRITE, &ad);
>  		rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
>  		if (rc == 0) {
> +			okp = osp->smk_out;
> +			skp = ssp->smk_in;
>  			rc = smk_access(okp, skp, MAY_WRITE, NULL);
>  			rc = smk_bu_note("UDS connect", okp, skp,
>  						MAY_WRITE, rc);
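
Review bot: In the reverse check, `okp` and `skp` are reassigned so that `okp` is now the subject of `smk_access(okp, skp, MAY_WRITE, NULL)` and `skp` the object, which inverts what the names suggest; separate locals, or a comment marking this as the peer-to-connector direction, would read more clearly. Any use of `skp` or `okp` after this block will also see the reassigned values, so that is worth confirming. The reverse call passes `NULL` where the forward call passes `&ad`, so this direction is given no audit data; if that is intended, a comment should say so.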

