Re: Question regarding sendmmsg().

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Paul Moore <paul.moore@hp.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: netdev@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: Question regarding sendmmsg().
Date: Tue, 26 Jul 2011 16:30:44 -0400	[thread overview]
Message-ID: <201107261630.44942.paul.moore@hp.com> (raw)
In-Reply-To: <201107222041.FGG51092.OOQFFLOtMVFJHS@I-love.SAKURA.ne.jp>

On Friday, July 22, 2011 7:41:20 AM Tetsuo Handa wrote:
> TOMOYO was about to add support for permission checks for
> PF_INET/PF_INET6/PF_UNIX socket's bind()/listen()/connect()/send()
> operations (
> http://www.spinics.net/linux/fedora/linux-security-module/msg11496.html ).
> 
> According to http://ozlabs.org/~anton/junkcode/sendmmsg_test.c , the
> sendmmsg() introduced by commit 228e548e "net: Add sendmmsg socket system
> call" is capable of sending to multiple different destinations with single
> sendmmsg(), isn't it?

I believe so, yes.

> If yes, my plan (restricting sendmsg() based on destination's address)
> became impossible since security_socket_sendmsg() (which receives the
> destination's address) is called for only once even if there are multiple
> different destinations.

We could always change this behavior so that the sendmsg() LSM hook is called 
for each msg sent, but there would be a performance impact associated with it. 

We decided that it was unnecessary to do it this way earlier because there was 
no need: SELinux and Smack both treat the socket as an endpoint (from a 
implementation point of view only, from a high level design Smack doesn't care 
about sockets) and AppArmor really doesn't have much in the way of network 
access controls at present.

--
paul moore
linux @ hp

     prev parent reply	other threads:[~2011-07-26 20:30 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <201107110304.p6B34422036886@www262.sakura.ne.jp>
     [not found] ` <201107191754.22391.paul.moore@hp.com>
     [not found]   ` <201107200142.p6K1gKYg077046@www262.sakura.ne.jp>
     [not found]     ` <201107211721.14511.paul.moore@hp.com>
2011-07-22 11:41       ` Question regarding sendmmsg() Tetsuo Handa
2011-07-22 12:27         ` Tetsuo Handa
2011-07-22 15:12           ` [PATCH] net: Fix security_socket_sendmsg() bypass problem Tetsuo Handa
2011-07-22 15:22             ` David Miller
2011-07-22 17:42               ` Tetsuo Handa
2011-07-22 18:31                 ` Tetsuo Handa
2011-07-23  5:20                   ` Tetsuo Handa
2011-07-23  7:04               ` Michael Tokarev
2011-07-23 10:39                 ` Tetsuo Handa
2011-07-25 12:20                   ` Anton Blanchard
2011-07-25 13:15                     ` Tetsuo Handa
2011-07-25 15:44                       ` Casey Schaufler
2011-07-25 16:43                         ` Tetsuo Handa
2011-07-25 17:00                           ` Casey Schaufler
2011-07-26  9:55                           ` Anton Blanchard
2011-07-26 11:21                             ` Tetsuo Handa
2011-07-26 13:58                               ` Eric Paris
2011-07-28  3:36                                 ` Tetsuo Handa
2011-08-02  6:07                                   ` David Miller
2011-08-02  9:28                                     ` Tetsuo Handa
2011-08-02 11:18                                       ` David Miller
2011-08-02 11:26                                         ` David Miller
2011-08-02 11:52                                           ` Tetsuo Handa
2011-08-02 12:01                                             ` David Miller
2011-08-02 13:11                                               ` Tetsuo Handa
2011-08-03  3:25                                                 ` Tetsuo Handa
2011-08-03  3:38                                                   ` David Miller
2011-08-03  3:47                                                     ` Anton Blanchard
2011-08-03 12:20                                                       ` Tetsuo Handa
2011-08-03 13:29                                                         ` Anton Blanchard
2011-08-03 13:37                                                           ` Eduard Sinelnikov
2011-08-03 21:50                                                           ` Tetsuo Handa
2011-08-04 12:56                                                             ` Anton Blanchard
2011-08-03 13:54                                                   ` Anton Blanchard
2011-07-26 20:30         ` Paul Moore [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201107261630.44942.paul.moore@hp.com \
    --to=paul.moore@hp.com \
    --cc=linux-security-module@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).