From: sds@tycho.nsa.gov (Stephen Smalley)
To: linux-security-module@vger.kernel.org
Subject: [PATCH] selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets
Date: Tue, 20 Jun 2017 16:04:23 -0400 [thread overview]
Message-ID: <1497989063.12069.18.camel@tycho.nsa.gov> (raw)
In-Reply-To: <CAHC9VhQsVa+0LgqFyguqq0bhXOz7mrbJfXy-+rJjY53xnCkixg@mail.gmail.com>
On Tue, 2017-06-20 at 15:49 -0400, Paul Moore wrote:
> On Mon, Jun 19, 2017 at 5:33 PM, Luis Ressel <aranea@aixah.de> wrote:
> > For PF_UNIX, SOCK_RAW is synonymous with SOCK_DGRAM (cf.
> > net/unix/af_unix.c). This is a tad obscure, but libpcap uses it.
> >
> > Signed-off-by: Luis Ressel <aranea@aixah.de>
> > Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> > ---
> > ?security/selinux/hooks.c | 1 +
> > ?1 file changed, 1 insertion(+)
>
> My only concern is what effect this will have on existing policy.
> Prior to this patch PF_UNIX/SOCK_RAW will result in the generic
> "socket" class where after this patch it will result in the
> "unix_dgram_socket".??I believe this is the right change, but it
> seems
> like this should be wrapped by a policy capability, yes?
I doubt it is worth a policy capability. Permission to create/use
socket tends to be far rarer than permission to create/use
unix_dgram_socket; looks like we never allow the former without the
latter in Fedora, for example.
>
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index 819fd6858b49..1a331fba4a3c 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -1275,6 +1275,7 @@ static inline u16
> > socket_type_to_security_class(int family, int type, int protoc
> > ????????????????case SOCK_SEQPACKET:
> > ????????????????????????return SECCLASS_UNIX_STREAM_SOCKET;
> > ????????????????case SOCK_DGRAM:
> > +???????????????case SOCK_RAW:
> > ????????????????????????return SECCLASS_UNIX_DGRAM_SOCKET;
> > ????????????????}
> > ????????????????break;
> > --
> > 2.13.1
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-06-20 20:04 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-19 21:33 [PATCH] selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets Luis Ressel
2017-06-20 19:49 ` Paul Moore
2017-06-20 20:04 ` Stephen Smalley [this message]
2017-06-20 21:43 ` Paul Moore
2017-06-21 9:48 ` Luis Ressel
2017-06-21 19:04 ` Paul Moore
2017-07-10 22:25 ` Paul Moore
-- strict thread matches above, loose matches on Subject: below --
2017-06-18 21:45 Luis Ressel
2017-06-19 20:10 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1497989063.12069.18.camel@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).