linux-kernel.vger.kernel.org archive mirror
* [PATCH v2] net/unix: Add secdata to unix_stream msgs
@ 2011-03-23  0:38 Pat Kane
  2011-03-23  2:32 ` David Miller
From: Pat Kane @ 2011-03-23  0:38 UTC
  To: linux-kernel; +Cc: netdev, Pat Kane

The unix_dgram routines add secdata to socket messages,
but the unix_stream routines do not. I have added the
two missing lines of code.

Signed-off-by: Pat Kane <pekane52@gmail.com>
---
 net/unix/af_unix.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 1663e1a..8753cdd 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
 		max_level = err + 1;
 		fds_sent = true;
 
+		unix_get_secdata(siocb->scm, skb);
+
 		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
 		if (err) {
 			kfree_skb(skb);
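Review bot: the commit message does not say who reads the secid on a stream socket or why the datagram-only behaviour is wrong, and this hunk needs that justification. The call sits inside the per-skb loop (after `fds_sent = true;` and before `memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);`), so every stream fragment is labelled with the secid in `siocb->scm`, while the replies in this thread point out that the hooks carry "_dgram" in their names and ask which caller of secid_to_secctx() needs the label. State the consumer and the failure seen without the patch in the changelog, and say there that the label is attached per skb, not once per stream.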
@@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
 		} else {
 			/* Copy credentials */
 			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
+			unix_set_secdata(siocb->scm, skb);
 			check_creds = 1;
 		}
 
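Review bot: the new `unix_set_secdata(siocb->scm, skb);` only runs in the else branch, i.e. for the first skb a recvmsg() call consumes (the branch then sets `check_creds = 1`, so later skbs take the credential-check path instead), and nothing in the patch extends that per-skb check to UNIXCB(skb).secid; a message assembled from several skbs therefore reports the first fragment's label even if a later fragment carries a different secid. Either compare the secid alongside `UNIXCB(skb).pid` and `UNIXCB(skb).cred` in the check_creds path, or document in the changelog that only the first fragment's label is reported. The `/* Copy credentials */` comment should also mention the security label now that the block copies both.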
-- 
1.7.1



* Re: [PATCH v2] net/unix: Add secdata to unix_stream msgs
  2011-03-23  0:38 [PATCH v2] net/unix: Add secdata to unix_stream msgs Pat Kane
@ 2011-03-23  2:32 ` David Miller
  2011-03-23 15:57   ` Eric Paris
From: David Miller @ 2011-03-23  2:32 UTC
  To: pekane52; +Cc: linux-kernel, netdev, cxzhang, sds, jmorris, eparis

From: Pat Kane <pekane52@gmail.com>
Date: Tue, 22 Mar 2011 19:38:37 -0500

> The unix_dgram routines add secdata to socket messages,
> but the unix_stream routines do not. I have added the
> two missing lines of code.
> 
> Signed-off-by: Pat Kane <pekane52@gmail.com>

The security hooks appear to be only intended to operate on datagram
sockets, and as such I think the omission of UNIX stream sockets was
very much on purpose.

The SELINUX hook implementations even have "_dgram()" in their names.

Catherine Zhang added to CC: as she last made modifications to these
hooks.

> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index 1663e1a..8753cdd 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
>  		max_level = err + 1;
>  		fds_sent = true;
>  
> +		unix_get_secdata(siocb->scm, skb);
> +
>  		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
>  		if (err) {
>  			kfree_skb(skb);
> @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
>  		} else {
>  			/* Copy credentials */
>  			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
> +			unix_set_secdata(siocb->scm, skb);
>  			check_creds = 1;
>  		}
>  
> -- 
> 1.7.1
> 


* Re: [PATCH v2] net/unix: Add secdata to unix_stream msgs
  2011-03-23  2:32 ` David Miller
@ 2011-03-23 15:57   ` Eric Paris
  2011-03-23 16:11     ` Casey Schaufler
From: Eric Paris @ 2011-03-23 15:57 UTC
  To: David Miller
  Cc: pekane52, linux-kernel, netdev, cxzhang, sds, jmorris, eparis,
	paul.moore

On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote:
> From: Pat Kane <pekane52@gmail.com>
> Date: Tue, 22 Mar 2011 19:38:37 -0500
> 
> > The unix_dgram routines add secdata to socket messages,
> > but the unix_stream routines do not. I have added the
> > two missing lines of code.
> > 
> > Signed-off-by: Pat Kane <pekane52@gmail.com>
> 
> The security hooks appear to be only intended to operate on datagram
> sockets, and as such I think the omission of UNIX stream sockets was
> very much on purpose.
> 
> The SELINUX hook implementations even have "_dgram()" in their names.
> 
> Catherine Zhang added to CC: as she last made modifications to these
> hooks.

And I'll add Paul Moore as I think he understands the intersection
of /net and /security better than anyone.

> 
> > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> > index 1663e1a..8753cdd 100644
> > --- a/net/unix/af_unix.c
> > +++ b/net/unix/af_unix.c
> > @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
> >  		max_level = err + 1;
> >  		fds_sent = true;
> >  
> > +		unix_get_secdata(siocb->scm, skb);
> > +
> >  		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
> >  		if (err) {
> >  			kfree_skb(skb);
> > @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
> >  		} else {
> >  			/* Copy credentials */
> >  			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
> > +			unix_set_secdata(siocb->scm, skb);
> >  			check_creds = 1;
> >  		}
> >  
> > -- 
> > 1.7.1
> > 

* Re: [PATCH v2] net/unix: Add secdata to unix_stream msgs
  2011-03-23 15:57   ` Eric Paris
@ 2011-03-23 16:11     ` Casey Schaufler
  2011-03-23 20:23       ` Pat Kane
From: Casey Schaufler @ 2011-03-23 16:11 UTC
  To: Eric Paris
  Cc: David Miller, pekane52, linux-kernel, netdev, cxzhang, sds,
	jmorris, eparis, paul.moore, LSM

On 3/23/2011 8:57 AM, Eric Paris wrote:
> On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote:
>> From: Pat Kane <pekane52@gmail.com>
>> Date: Tue, 22 Mar 2011 19:38:37 -0500
>>
>>> The unix_dgram routines add secdata to socket messages,
>>> but the unix_stream routines do not. I have added the
>>> two missing lines of code.
>>>
>>> Signed-off-by: Pat Kane <pekane52@gmail.com>
>> The security hooks appear to be only intended to operate on datagram
>> sockets, and as such I think the omission of UNIX stream sockets was
>> very much on purpose.
>>
>> The SELINUX hook implementations even have "_dgram()" in their names.
>>
>> Catherine Zhang added to CC: as she last made modifications to these
>> hooks.
> And I'll add Paul Moore as I think he understands the intersection
> of /net and /security better than anyone.

Paul is definitely the man on this. I've also added the LSM list,
as while SELinux is the only current user of secdata that may not
always be the case.


>>> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
>>> index 1663e1a..8753cdd 100644
>>> --- a/net/unix/af_unix.c
>>> +++ b/net/unix/af_unix.c
>>> @@ -1642,6 +1642,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
>>>  		max_level = err + 1;
>>>  		fds_sent = true;
>>>  
>>> +		unix_get_secdata(siocb->scm, skb);
>>> +
>>>  		err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
>>>  		if (err) {
>>>  			kfree_skb(skb);
>>> @@ -1930,6 +1932,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
>>>  		} else {
>>>  			/* Copy credentials */
>>>  			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
>>> +			unix_set_secdata(siocb->scm, skb);
>>>  			check_creds = 1;
>>>  		}
>>>  
>>> -- 
>>> 1.7.1
>>>



* Re: [PATCH v2] net/unix: Add secdata to unix_stream msgs
  2011-03-23 16:11     ` Casey Schaufler
@ 2011-03-23 20:23       ` Pat Kane
  2011-03-23 22:16         ` Paul Moore
From: Pat Kane @ 2011-03-23 20:23 UTC
  To: Casey Schaufler
  Cc: Eric Paris, David Miller, linux-kernel, netdev, cxzhang, sds,
	jmorris, eparis, paul.moore, LSM

  >> On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote:
  >>> The SELINUX hook implementations even have "_dgram()" in their names.

The LSM hook that I am having problems with, and that the patch fixes,
is "secid_to_secctx()", not "socket_getpeersec_dgram()".


Pat
---


* Re: [PATCH v2] net/unix: Add secdata to unix_stream msgs
  2011-03-23 20:23       ` Pat Kane
@ 2011-03-23 22:16         ` Paul Moore
From: Paul Moore @ 2011-03-23 22:16 UTC
  To: Pat Kane
  Cc: Casey Schaufler, Eric Paris, David Miller, linux-kernel, netdev,
	cxzhang, sds, jmorris, eparis, LSM

On Wednesday, March 23, 2011 4:23:35 PM Pat Kane wrote:
>   >> On Tue, 2011-03-22 at 19:32 -0700, David Miller wrote:
>   >>> The SELINUX hook implementations even have "_dgram()" in their names.
> 
> The LSM hook that I am having problems with, and that the patch fixes
> is  "secid_to_secctx()"  not "socket_getpeersec_dgram()".

Can you explain the problem you are having?  I'm specifically interested in 
who is calling secid_to_secctx() on an AF_UNIX stream packet.

Adding the secid token to an AF_UNIX stream packet isn't likely to be the right 
solution, although until we hear what the core problem is, I'm not sure we can 
offer any fixes.

--
paul moore
linux @ hp

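The datagram/stream asymmetry the patch description talks about, and the secid_to_secctx() call Paul asks about, are both visible from userspace: SO_PASSSEC asks the kernel to turn the secid stored on each received skb into a context string and deliver it as an SCM_SECURITY control message, so a receiver can simply check whether that cmsg arrives on SOCK_DGRAM and on SOCK_STREAM AF_UNIX sockets. The program below is an added example written for this page, not code from the thread or from the kernel tree. It assumes a Linux host; the SO_PASSSEC and SCM_SECURITY values are the Linux ABI ones, whether any label arrives and what it looks like depends on the loaded LSM and its policy, and the "system_u:system_r:kernel_t:s0" string used by the self-contained builder is a constructed label, not one read from a real socket.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Linux ABI values; some libc headers do not export them. */
#ifndef SO_PASSSEC
#define SO_PASSSEC 34
#endif
#ifndef SCM_SECURITY
#define SCM_SECURITY 0x03
#endif

/*
 * Copy the SCM_SECURITY payload of a received message into out as a
 * NUL-terminated string. Returns the label length, or 0 when no
 * SCM_SECURITY control message is present, which is what a receiver
 * sees when the kernel attached no usable secid to the packet or the
 * loaded LSM cannot turn that secid into a context string.
 */
size_t scm_security_label(struct msghdr *msg, char *out, size_t outlen)
{
	struct cmsghdr *c;

	for (c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
		size_t len;

		if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_SECURITY)
			continue;
		len = c->cmsg_len - CMSG_LEN(0);
		/* Do not count a trailing NUL, and never trust the payload to have one. */
		while (len && CMSG_DATA(c)[len - 1] == '\0')
			len--;
		if (len >= outlen)
			len = outlen - 1;
		memcpy(out, CMSG_DATA(c), len);
		out[len] = '\0';
		return len;
	}
	out[0] = '\0';
	return 0;
}

/*
 * Fill msg with one SCM_SECURITY cmsg carrying label: constructed input
 * standing in for what the kernel emits under SO_PASSSEC (NUL included),
 * so the parser above can be exercised without an LSM. Returns 0, or -1
 * if ctl is too small.
 */
int build_labelled_msg(struct msghdr *msg, char *ctl, size_t ctllen, const char *label)
{
	size_t plen = strlen(label) + 1;
	struct cmsghdr *c;

	if (ctllen < CMSG_SPACE(plen))
		return -1;
	memset(msg, 0, sizeof(*msg));
	memset(ctl, 0, ctllen);
	msg->msg_control = ctl;
	msg->msg_controllen = ctllen;
	c = CMSG_FIRSTHDR(msg);
	c->cmsg_level = SOL_SOCKET;
	c->cmsg_type = SCM_SECURITY;
	c->cmsg_len = CMSG_LEN(plen);
	memcpy(CMSG_DATA(c), label, plen);
	msg->msg_controllen = CMSG_SPACE(plen);
	return 0;
}

/*
 * Send one byte over an AF_UNIX socketpair of the given type with
 * SO_PASSSEC enabled on the receiving end and report whether an
 * SCM_SECURITY cmsg arrived: 1 yes (label copied to out), 0 no,
 * -1 if a syscall failed (errno preserved).
 */
int probe_passsec(int type, char *out, size_t outlen)
{
	int sv[2], one = 1, rc = -1, saved;
	char byte = 'x', ctl[512];
	struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
	struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
			      .msg_control = ctl, .msg_controllen = sizeof(ctl) };

	if (socketpair(AF_UNIX, type, 0, sv) < 0)
		return -1;
	if (setsockopt(sv[1], SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
		goto out;
	if (send(sv[0], &byte, 1, 0) != 1)
		goto out;
	if (recvmsg(sv[1], &msg, 0) != 1)
		goto out;
	rc = scm_security_label(&msg, out, outlen) > 0;
out:
	saved = errno;
	close(sv[0]);
	close(sv[1]);
	errno = saved;
	return rc;
}

int main(void)
{
	const int types[] = { SOCK_DGRAM, SOCK_STREAM };
	const char *names[] = { "SOCK_DGRAM", "SOCK_STREAM" };
	char label[256];
	size_t i;

	for (i = 0; i < 2; i++) {
		int rc = probe_passsec(types[i], label, sizeof(label));

		if (rc < 0)
			printf("%s: probe failed: %s\n", names[i], strerror(errno));
		else if (rc == 0)
			printf("%s: no SCM_SECURITY cmsg\n", names[i]);
		else
			printf("%s: SCM_SECURITY = %s\n", names[i], label);
	}
	return 0;
}
```

Build with `cc -Wall -o passsec passsec.c` and run it on the kernel under test: the two output lines show directly whether the stream socket delivers a label at all, which is the observation the thread is missing when it asks who needs secid_to_secctx() on a stream packet. The parser tolerates payloads without a trailing NUL so that a label from a different LSM, or a hostile peer, cannot run the copy past the buffer.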
