From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
To: James Morris <jmorris@namei.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
linux-security-module@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets.
Date: Wed, 4 Dec 2019 21:50:34 +0900 [thread overview]
Message-ID: <579b10bb-990f-ae4c-8098-b39e56a4c475@i-love.sakura.ne.jp> (raw)
In-Reply-To: <b7263da2-d56d-0f27-a7e5-03541ff8a0c1@i-love.sakura.ne.jp>
On 2019/11/21 22:59, Tetsuo Handa wrote:
> On 2019/11/21 19:18, Tetsuo Handa wrote:
>> On 2019/11/21 16:21, James Morris wrote:
>>> On Wed, 13 Nov 2019, Tetsuo Handa wrote:
>>>
>>>> Hello, Andrew and James.
>>>>
>>>> I have difficulty setting up environments for sending pull request to linux.git
>>>> (nobody around me knows Linux kernel maintainer's workflow at the command line level).
>>>> Can you pick up the following commit via mmotm or linux-security.git tree?
>>>
>>> Not sure if your fix is complete.
>>>
>>> Are there other potential paths to trigger this via tomoyo_path_perm() ?
>>>
>>> e.g. call unlink(2) on /proc/pid/fd/sockfd
>>
>> I think they are safe. For example, unlink(2) checks that
>> inode is valid before calling security_path_unlink().
>
> Hmm, since unlink(2) locks parent's inode instead of inode to be removed itself,
> there is indeed possibility that tomoyo_path_perm() races with __sock_release().
> We need another patch...
>
I decided to drop tomoyo_get_socket_name(). Will you pick up the following commit?
commit c39593ab0500fcd6db290b311c120349927ddc04
Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Mon Nov 25 10:46:51 2019 +0900
tomoyo: Don't use nifty names on sockets.
next prev parent reply other threads:[~2019-12-04 12:50 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-05 18:42 KASAN: use-after-free Read in tomoyo_realpath_from_path syzbot
2019-06-05 22:09 ` Tetsuo Handa
2019-06-06 2:08 ` Tetsuo Handa
2019-06-06 5:20 ` Tetsuo Handa
2019-06-09 6:41 ` [PATCH] tomoyo: Don't check open/getattr permission on sockets Tetsuo Handa
2019-06-16 6:49 ` Tetsuo Handa
2019-06-18 20:49 ` Al Viro
2019-06-22 4:45 ` [PATCH v2] " Tetsuo Handa
2019-07-04 11:58 ` Tetsuo Handa
2019-07-07 2:44 ` James Morris
2019-07-07 2:50 ` James Morris
2019-08-09 15:51 ` Tetsuo Handa
2019-09-03 6:52 ` Tetsuo Handa
2019-09-13 13:41 ` Tetsuo Handa
[not found] ` <A9CE5147-4047-4C42-B772-F0ED510FA283@canb.auug.org.au>
2019-10-02 10:50 ` Tetsuo Handa
2019-10-02 22:25 ` Stephen Rothwell
2019-10-03 9:59 ` Tetsuo Handa
2019-11-13 13:49 ` Tetsuo Handa
2019-11-21 7:21 ` James Morris
2019-11-21 10:18 ` Tetsuo Handa
2019-11-21 13:59 ` Tetsuo Handa
2019-12-04 12:50 ` Tetsuo Handa [this message]
2019-12-09 21:37 ` James Morris
2019-12-10 10:21 ` Tetsuo Handa
2019-12-10 23:02 ` Stephen Rothwell
2019-12-11 11:19 ` Tetsuo Handa
2019-10-02 22:22 ` Stephen Rothwell
2019-08-22 6:30 ` Eric Biggers
2019-08-22 6:55 ` Tetsuo Handa
2019-08-22 7:01 ` Eric Biggers
2019-08-22 7:42 ` Tetsuo Handa
2019-08-22 15:47 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=579b10bb-990f-ae4c-8098-b39e56a4c475@i-love.sakura.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=akpm@linux-foundation.org \
--cc=jmorris@namei.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sfr@canb.auug.org.au \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).