From: Chris Wright <chrisw@osdl.org>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Ross Kendall Axe <ross.axe@blueyonder.co.uk>,
netdev@oss.sgi.com, lkml <linux-kernel@vger.kernel.org>,
jmorris@redhat.com
Subject: Re: [PATCH] linux 2.9.10-rc1: Fix oops in unix_dgram_sendmsg when using SELinux and SOCK_SEQPACKET
Date: Tue, 16 Nov 2004 00:41:25 -0800 [thread overview]
Message-ID: <20041116004122.V14339@build.pdx.osdl.net> (raw)
In-Reply-To: <1100525477.31773.38.camel@moss-spartans.epoch.ncsc.mil>; from sds@epoch.ncsc.mil on Mon, Nov 15, 2004 at 08:31:17AM -0500
* Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> On Sun, 2004-11-14 at 13:13, Ross Kendall Axe wrote:
> > With CONFIG_SECURITY_NETWORK=y and CONFIG_SECURITY_SELINUX=y, using
> > SOCK_SEQPACKET unix domain sockets causes an oops in the superfluous(?)
> > call to security_unix_may_send in sock_dgram_sendmsg. This patch avoids
> > making this call for SOCK_SEQPACKET sockets.
>
> I'd prefer to track down the actual issue in the SELinux code and
> correct it than just omit the security hook call entirely. Do you have
> the Oops output and a trivial test case? Thanks.
Well, there is one simple case that will trigger the Oops. Send a
SEQPACKET to a connected but not yet accepted socket. In this case
other->sk_socket is still NULL, and SELinux will deref the NULL pointer
in selinux_socket_may_send() when geting other_isec. There is already
a check in unix_stream_connect, which is all that's used for normal unix
stream sockets. But the seqpacket socket then uses unix_dgram_sendmsg,
so triggers the may_send check as well.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
next prev parent reply other threads:[~2004-11-16 8:41 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-14 18:13 [PATCH] linux 2.9.10-rc1: Fix oops in unix_dgram_sendmsg when using SELinux and SOCK_SEQPACKET Ross Kendall Axe
2004-11-15 13:31 ` Stephen Smalley
2004-11-16 8:41 ` Chris Wright [this message]
2004-11-17 21:29 ` Ross Kendall Axe
2004-11-18 0:09 ` Ross Kendall Axe
2004-11-18 3:42 ` James Morris
2004-11-18 4:25 ` James Morris
2004-11-18 6:07 ` Chris Wright
2004-11-18 7:25 ` Ross Kendall Axe
2004-11-18 7:59 ` James Morris
2004-11-18 8:27 ` James Morris
2004-11-18 16:44 ` Chris Wright
2004-11-18 17:01 ` James Morris
2004-11-18 17:07 ` Chris Wright
2004-11-18 17:11 ` James Morris
2004-11-18 17:25 ` James Morris
2004-11-18 16:58 ` Alan Cox
2004-11-18 22:34 ` David S. Miller
2004-11-19 3:23 ` Ross Kendall Axe
2004-11-19 7:19 ` Chris Wright
2004-11-19 9:40 ` Ross Kendall Axe
2004-11-19 13:05 ` Arnaldo Carvalho de Melo
2004-11-19 13:16 ` Arnaldo Carvalho de Melo
2004-11-18 16:49 ` Alan Cox
2004-11-18 18:40 ` James Morris
2004-11-18 23:39 ` Alan Cox
2004-11-19 3:12 ` James Morris
2004-11-19 7:01 ` Chris Wright
2004-11-19 7:12 ` James Morris
2004-11-19 7:28 ` Chris Wright
2004-11-19 11:39 ` Alan Cox
2004-11-19 16:24 ` James Morris
2004-11-20 7:11 ` David S. Miller
2004-11-18 16:45 ` Alan Cox
2004-11-18 18:28 ` James Morris
2004-11-18 18:34 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041116004122.V14339@build.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=jmorris@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@oss.sgi.com \
--cc=ross.axe@blueyonder.co.uk \
--cc=sds@epoch.ncsc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).