On 3/6/2020 2:14 PM, Paul Moore wrote:
> On Fri, Feb 14, 2020 at 6:42 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> Change the data used in UDS SO_PEERSEC processing from a
>> secid to a more general struct lsmblob. Update the
>> security_socket_getpeersec_dgram() interface to use the
>> lsmblob. There is a small amount of scaffolding code
>> that will come out when the security_secid_to_secctx()
>> code is brought in line with the lsmblob.
>>
>> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
>> Reviewed-by: John Johansen <john.johansen@xxxxxxxxxxxxx>
>> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
>> cc: netdev@xxxxxxxxxxxxxxx
>> ---
>> include/linux/security.h | 7 +++++--
>> include/net/af_unix.h | 2 +-
>> include/net/scm.h | 8 +++++---
>> net/ipv4/ip_sockglue.c | 8 +++++---
>> net/unix/af_unix.c | 6 +++---
>> security/security.c | 18 +++++++++++++++---
>> 6 files changed, 34 insertions(+), 15 deletions(-)
> ...
>
>> diff --git a/include/net/af_unix.h b/include/net/af_unix.h
>> index 17e10fba2152..59af08ca802f 100644
>> --- a/include/net/af_unix.h
>> +++ b/include/net/af_unix.h
>> @@ -36,7 +36,7 @@ struct unix_skb_parms {
>> kgid_t gid;
>> struct scm_fp_list *fp; /* Passed files */
>> #ifdef CONFIG_SECURITY_NETWORK
>> - u32 secid; /* Security ID */
>> + struct lsmblob lsmblob; /* Security LSM data */
>> #endif
>> u32 consumed;
>> } __randomize_layout;
> This might be a problem. As it currently stands, the sk_buff.cb field
> is 48 bytes; with CONFIG_SECURITY_NETWORK=n unix_skb_parms is 28 bytes
> on a 64-bit system. That leaves 20 bytes (room for 5 LSMs) assuming a
> tight packing *and* that netdev doesn't swoop in and drop another few
> fields in unix_skb_parms.
>
> This may work now, and you might manage to sneak this by the netdev
> crowd, but I predict problems in the future.
Do you think that making this a struct lsmblob * instead would make
the change more likely to be accepted? It would complicate the code
but remove the issue.
