Re: SMACK LSM checks wrong object label during ingress network traffic

Linux Security Modules development
 help / color / mirror / Atom feed

From: Casey Schaufler <casey@schaufler-ca.com>
To: "Lontke, Michael" <Michael.Lontke@elektrobit.com>
Cc: "Ostertag, Martin" <Martin.Ostertag@elektrobit.com>,
	"linux-security-module@vger.kernel.org"
	<linux-security-module@vger.kernel.org>,
	"Weiß, Simone" <Simone.Weiss@elektrobit.com>,
	"Valleru, Yuvarajesh" <Yuvarajesh.Valleru@elektrobit.com>,
	"Irgang, Thomas" <Thomas.Irgang@elektrobit.com>,
	casey@schaufler-ca.com
Subject: Re: SMACK LSM checks wrong object label during ingress network traffic
Date: Thu, 1 Sep 2022 09:26:25 -0700	[thread overview]
Message-ID: <634fd39d-2ab3-3505-03df-bbb9c18f4c20@schaufler-ca.com> (raw)
In-Reply-To: <bcc11e5fe5a15017d12e396436c778f0f6d3b0ec.camel@elektrobit.com>

On 9/1/2022 1:40 AM, Lontke, Michael wrote:
> ...
> Thank you for your feedback. If your tests are successful you can add
>
> Signed-off-by: Michael Lontke <michael.lontke@elektrobit.com>
> Co-authored-by: Martin Ostertag <martin.ostertag@elektrobit.com>
>
> to the patch.

Everything looks fine. I have added the patch to

	https://github.com/cschaufler/smack-next#next

for inclusion in the v6.1 Linux kernel. Thank you.

>
>>> From: Lontke Michael <michael.lontke@elektrobit.com>
>>> Date: Wed, 31 Aug 2022 14:03:26 +0200
>>> Subject: [PATCH] SMACK: Add sk_clone_security LSM hook
>>>
>>> Using smk_of_current() during sk_alloc_security hook leads in rare
>>> cases
>>> to a faulty initialization of the security context of the created
>>> socket.
>>>
>>> By adding the LSM hook sk_clone_security to SMACK this
>>> initialization
>>> fault is corrected by copying the security context of the old
>>> socket
>>> pointer to the newly cloned one.
>>> ---
>>>  security/smack/smack_lsm.c | 16 ++++++++++++++++
>>>  1 file changed, 16 insertions(+)
>>>
>>> diff --git a/security/smack/smack_lsm.c
>>> b/security/smack/smack_lsm.c
>>> index 286171a16ed2..8eb47396376f 100644
>>> --- a/security/smack/smack_lsm.c
>>> +++ b/security/smack/smack_lsm.c
>>> @@ -2348,6 +2348,21 @@ static void smack_sk_free_security(struct
>>> sock
>>> *sk)
>>>       kfree(sk->sk_security);
>>>  }
>>>
>>> +/**
>>> + * smack_sk_clone_security - Copy security context
>>> + * @sk: the old socket
>>> + * @newsk: the new socket
>>> + *
>>> + * Copy the security context of the old socket pointer to the
>>> cloned
>>> + */
>>> +static void smack_sk_clone_security(const struct sock *sk, struct
>>> sock
>>> *newsk)
>>> +{
>>> +     struct socket_smack *ssp_old = sk->sk_security;
>>> +     struct socket_smack *ssp_new = newsk->sk_security;
>>> +
>>> +     *ssp_new = *ssp_old;
>>> +}
>>> +
>>>  /**
>>>  * smack_ipv4host_label - check host based restrictions
>>>  * @sip: the object end
>>> @@ -4710,6 +4725,7 @@ static struct security_hook_list
>>> smack_hooks[]
>>> __lsm_ro_after_init = {
>>>       LSM_HOOK_INIT(socket_getpeersec_dgram,
>>> smack_socket_getpeersec_dgram),
>>>       LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
>>>       LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
>>> +     LSM_HOOK_INIT(sk_clone_security, smack_sk_clone_security),
>>>       LSM_HOOK_INIT(sock_graft, smack_sock_graft),
>>>       LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
>>>       LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),

     prev parent reply	other threads:[~2022-09-01 16:26 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-25  9:25 SMACK LSM checks wrong object label during ingress network traffic Lontke, Michael
2022-08-25 15:59 ` Casey Schaufler
2022-08-26  8:40   ` Lontke, Michael
2022-08-26 16:15     ` Casey Schaufler
2022-08-30  9:30       ` Lontke, Michael
2022-08-30 14:06         ` Casey Schaufler
2022-08-31 12:13           ` Lontke, Michael
2022-08-31 14:38             ` Casey Schaufler
2022-09-01  8:40               ` Lontke, Michael
2022-09-01 16:26                 ` Casey Schaufler [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=634fd39d-2ab3-3505-03df-bbb9c18f4c20@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=Martin.Ostertag@elektrobit.com \
    --cc=Michael.Lontke@elektrobit.com \
    --cc=Simone.Weiss@elektrobit.com \
    --cc=Thomas.Irgang@elektrobit.com \
    --cc=Yuvarajesh.Valleru@elektrobit.com \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox