All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Samir Bellabes <sam@synack.fr>
Cc: linux-security-module@vger.kernel.org,
	Patrick McHardy <kaber@trash.net>, jamal <hadi@cyberus.ca>,
	Evgeniy Polyakov <zbr@ioremap.net>,
	Neil Horman <nhorman@tuxdriver.com>,
	netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [RFC 1/9] lsm: add security_socket_closed()
Date: Mon, 4 Jan 2010 12:33:55 -0600	[thread overview]
Message-ID: <20100104183355.GA5083@us.ibm.com> (raw)
In-Reply-To: <1262437456-24476-2-git-send-email-sam@synack.fr>

Quoting Samir Bellabes (sam@synack.fr):
> Allow a module to update security informations when a socket is closed.
> 
> Signed-off-by: Samir Bellabes <sam@synack.fr>
> ---
>  include/linux/security.h |   10 ++++++++++
>  net/socket.c             |    1 +
>  security/capability.c    |    5 +++++
>  security/security.c      |    5 +++++
>  4 files changed, 21 insertions(+), 0 deletions(-)
> 
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 466cbad..275dd04 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -974,6 +974,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
>   *	@sock contains the socket structure.
>   *	@how contains the flag indicating how future sends and receives are handled.
>   *	Return 0 if permission is granted.
> + * @socket_close:
> + *	Allow a module to update security informations when a socket is closed
> + *	@sock is closed.
>   * @socket_sock_rcv_skb:
>   *	Check permissions on incoming network packets.  This hook is distinct
>   *	from Netfilter's IP input hooks since it is the first time that the
> @@ -1673,6 +1676,7 @@ struct security_operations {
>  	int (*socket_getsockopt) (struct socket *sock, int level, int optname);
>  	int (*socket_setsockopt) (struct socket *sock, int level, int optname);
>  	int (*socket_shutdown) (struct socket *sock, int how);
> +	void (*socket_close) (struct socket *sock);
>  	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
>  	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
>  	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
> @@ -2693,6 +2697,7 @@ int security_socket_getpeername(struct socket *sock);
>  int security_socket_getsockopt(struct socket *sock, int level, int optname);
>  int security_socket_setsockopt(struct socket *sock, int level, int optname);
>  int security_socket_shutdown(struct socket *sock, int how);
> +void security_socket_close(struct socket *sock);
>  int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
>  int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
>  				      int __user *optlen, unsigned len);
> @@ -2805,6 +2810,11 @@ static inline int security_socket_shutdown(struct socket *sock, int how)
>  {
>  	return 0;
>  }
> +
> +static inline void security_socket_close(struct socket *sock)
> +{
> +}
> +
>  static inline int security_sock_rcv_skb(struct sock *sk,
>  					struct sk_buff *skb)
>  {
> diff --git a/net/socket.c b/net/socket.c
> index dbfdfa9..8984973 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -1074,6 +1074,7 @@ static int sock_close(struct inode *inode, struct file *filp)
>  		printk(KERN_DEBUG "sock_close: NULL inode\n");
>  		return 0;
>  	}
> +	security_socket_close(SOCKET_I(inode));

Hi,

Should this also be called at other sock_release() callers, i.e.
on error paths throughout net/socket.c?  ofr instance, I assume
sock_create() will set up whatever you want released, so if
sock_map-fd() fails, do you need to call security_socket_close()
there as well?

If so, should it just be called from sock_release()?

Or do you really intend for this only to be called when userspace
purposely releases the socket?

>  	sock_release(SOCKET_I(inode));
>  	return 0;
>  }
> diff --git a/security/capability.c b/security/capability.c
> index 5c700e1..a9810dc 100644
> --- a/security/capability.c
> +++ b/security/capability.c
> @@ -677,6 +677,10 @@ static int cap_socket_shutdown(struct socket *sock, int how)
>  	return 0;
>  }
> 
> +static void cap_socket_close(struct socket *sock)
> +{
> +}
> +
>  static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
>  {
>  	return 0;
> @@ -1084,6 +1088,7 @@ void security_fixup_ops(struct security_operations *ops)
>  	set_to_cap_if_null(ops, socket_setsockopt);
>  	set_to_cap_if_null(ops, socket_getsockopt);
>  	set_to_cap_if_null(ops, socket_shutdown);
> +	set_to_cap_if_null(ops, socket_close);
>  	set_to_cap_if_null(ops, socket_sock_rcv_skb);
>  	set_to_cap_if_null(ops, socket_getpeersec_stream);
>  	set_to_cap_if_null(ops, socket_getpeersec_dgram);
> diff --git a/security/security.c b/security/security.c
> index 24e060b..7457ed5 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1120,6 +1120,11 @@ int security_socket_shutdown(struct socket *sock, int how)
>  	return security_ops->socket_shutdown(sock, how);
>  }
> 
> +void security_socket_close(struct socket *sock)
> +{
> +	return security_ops->socket_close(sock);
> +}
> +
>  int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
>  {
>  	return security_ops->socket_sock_rcv_skb(sk, skb);
> -- 
> 1.6.3.3
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2010-01-04 18:33 UTC|newest]

Thread overview: 61+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-01-02 13:04 [RFC 0/9] snet: Security for NETwork syscalls Samir Bellabes
2010-01-02 13:04 ` [RFC 1/9] lsm: add security_socket_closed() Samir Bellabes
2010-01-04 18:33   ` Serge E. Hallyn [this message]
2010-01-02 13:04 ` [RFC 2/9] Revert "lsm: Remove the socket_post_accept() hook" Samir Bellabes
2010-01-04 18:36   ` Serge E. Hallyn
2010-01-05  0:31     ` Tetsuo Handa
2010-01-05  0:38       ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 3/9] snet: introduce security/snet, Makefile and Kconfig changes Samir Bellabes
2010-01-04 18:39   ` Serge E. Hallyn
2010-01-06  6:04     ` Samir Bellabes
2010-01-02 13:04 ` [RFC 4/9] snet: introduce snet_core.c and snet.h Samir Bellabes
2010-01-04 14:43   ` Patrick McHardy
2010-01-06 18:23     ` Samir Bellabes
2010-01-06 19:46     ` Samir Bellabes
2010-01-06 19:58       ` Evgeniy Polyakov
2010-01-23  2:07         ` Samir Bellabes
2010-01-23  2:18           ` Evgeniy Polyakov
2010-01-07 14:34     ` Samir Bellabes
2010-01-07 14:53     ` Samir Bellabes
2010-01-07 14:58       ` Samir Bellabes
2010-01-08  4:32     ` Samir Bellabes
2010-01-04 18:42   ` Serge E. Hallyn
2010-01-06  6:12     ` Samir Bellabes
2010-01-02 13:04 ` [RFC 5/9] snet: introduce snet_event.c and snet_event.h Samir Bellabes
2010-01-02 20:09   ` Evgeniy Polyakov
2010-01-02 23:38     ` Samir Bellabes
2010-01-04 19:08   ` Serge E. Hallyn
2010-01-08  7:21     ` Samir Bellabes
2010-01-08 15:34       ` Serge E. Hallyn
2010-01-08 17:44         ` Samir Bellabes
2010-01-08 17:51           ` Samir Bellabes
2010-01-08 18:10             ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 6/9] snet: introduce snet_hooks.c and snet_hook.h Samir Bellabes
2010-01-02 20:13   ` Evgeniy Polyakov
2010-01-03 11:10     ` Samir Bellabes
2010-01-03 19:16       ` Stephen Hemminger
2010-01-03 22:26         ` Samir Bellabes
2010-01-02 13:04 ` [RFC 7/9] snet: introduce snet_netlink.c and snet_netlink.h Samir Bellabes
2010-01-04 15:08   ` Patrick McHardy
2010-01-13  4:19     ` Samir Bellabes
2010-01-13  4:28     ` Samir Bellabes
2010-01-13  5:36       ` Patrick McHardy
2010-01-13  4:36     ` Samir Bellabes
2010-01-13  4:41     ` Samir Bellabes
2010-01-13  6:03     ` Samir Bellabes
2010-01-13  6:20     ` Samir Bellabes
2010-01-15  7:02     ` Samir Bellabes
2010-01-15  9:15     ` Samir Bellabes
2010-01-16  1:59     ` Samir Bellabes
2010-01-17  5:42     ` Samir Bellabes
2010-01-23 19:33     ` Samir Bellabes
2010-01-02 13:04 ` [RFC 8/9] snet: introduce snet_verdict.c and snet_verdict.h Samir Bellabes
2010-01-02 13:04 ` [RFC 9/9] snet: introduce snet_utils.c and snet_utils.h Samir Bellabes
2010-01-03 16:57 ` [RFC 0/9] snet: Security for NETwork syscalls jamal
2010-01-05  7:26   ` Samir Bellabes
2010-01-05  8:20     ` Tetsuo Handa
2010-01-05 14:09       ` Serge E. Hallyn
2010-01-06  0:23         ` [PATCH] LSM: Update comment on security_sock_rcv_skb Tetsuo Handa
2010-01-06  3:27           ` Serge E. Hallyn
2010-01-10 21:53           ` James Morris
2010-01-10 16:20     ` [RFC 0/9] snet: Security for NETwork syscalls jamal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100104183355.GA5083@us.ibm.com \
    --to=serue@us.ibm.com \
    --cc=hadi@cyberus.ca \
    --cc=kaber@trash.net \
    --cc=linux-security-module@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=nhorman@tuxdriver.com \
    --cc=sam@synack.fr \
    --cc=zbr@ioremap.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.