On Fri, Feb 14, 2020 at 6:42 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> Change the data used in UDS SO_PEERSEC processing from a
> secid to a more general struct lsmblob. Update the
> security_socket_getpeersec_dgram() interface to use the
> lsmblob. There is a small amount of scaffolding code
> that will come out when the security_secid_to_secctx()
> code is brought in line with the lsmblob.
>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Reviewed-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> cc: netdev@xxxxxxxxxxxxxxx
> ---
> include/linux/security.h | 7 +++++--
> include/net/af_unix.h | 2 +-
> include/net/scm.h | 8 +++++---
> net/ipv4/ip_sockglue.c | 8 +++++---
> net/unix/af_unix.c | 6 +++---
> security/security.c | 18 +++++++++++++++---
> 6 files changed, 34 insertions(+), 15 deletions(-)
...
> diff --git a/include/net/af_unix.h b/include/net/af_unix.h
> index 17e10fba2152..59af08ca802f 100644
> --- a/include/net/af_unix.h
> +++ b/include/net/af_unix.h
> @@ -36,7 +36,7 @@ struct unix_skb_parms {
> kgid_t gid;
> struct scm_fp_list *fp; /* Passed files */
> #ifdef CONFIG_SECURITY_NETWORK
> - u32 secid; /* Security ID */
> + struct lsmblob lsmblob; /* Security LSM data */
> #endif
> u32 consumed;
> } __randomize_layout;
This might be a problem. As it currently stands, the sk_buff.cb field
is 48 bytes; with CONFIG_SECURITY_NETWORK=n unix_skb_parms is 28 bytes
on a 64-bit system. That leaves 20 bytes (room for 5 LSMs) assuming a
tight packing *and* that netdev doesn't swoop in and drop another few
fields in unix_skb_parms.
This may work now, and you might manage to sneak this by the netdev
crowd, but I predict problems in the future.
--
paul moore
www.paul-moore.com
