On Tue, May 31, 2022 at 1:05 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> Hello everyone,
>
> Investigating the yet still spuriously failing SCTP ASCONF test [1]

FWIW, I haven't seen failures with the SCTP tests when doing my
testing, but perhaps I've just been lucky with the timing windows.

> has led me to realize that the SCTP_PARAM_* chunk handling is in fact
> severely flawed. The SCTP_PARAM_* code paths reuse the
> security_sctp_bind_connect() hook, but that hook uses the current
> task's sid when checking the socket::connect permission, which is not
> correct, since there is no guarantee on the task context in which the
> incoming ASCONF packet will be processed.
>
> The relevant selinux-testsuite test [1] expects the subject sid to be
> the one of the server, which has been true only by accident, as SCTP
> often processes the incoming ASCONF chunk via softirq right after it
> is sent.
>
> This seems tricky to fix, as we don't have any appropriate subject
> context at hand at the time of receiving the ASCONF chunk... Any
> ideas?

I had some interruptions at home this afternoon, but I'll take a look
tonight to see if anything comes to mind. Although I believe you know
that code fairly well so I'm not very confident that I'll be able to
spot anything new.

--
paul-moore.com