Patch "smack: unix sockets: fix accept()ed socket label" has been added to the 5.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    smack: unix sockets: fix accept()ed socket label

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     smack-unix-sockets-fix-accept-ed-socket-label.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f8fd6f2c32eb11ff72711e7c536063abc3d57fc9
Author: Konstantin Andreev <andreev@xxxxxxxxx>
Date:   Mon Jun 17 01:44:30 2024 +0300

    smack: unix sockets: fix accept()ed socket label
    
    [ Upstream commit e86cac0acdb1a74f608bacefe702f2034133a047 ]
    
    When a process accept()s connection from a unix socket
    (either stream or seqpacket)
    it gets the socket with the label of the connecting process.
    
    For example, if a connecting process has a label 'foo',
    the accept()ed socket will also have 'in' and 'out' labels 'foo',
    regardless of the label of the listener process.
    
    This is because kernel creates unix child sockets
    in the context of the connecting process.
    
    I do not see any obvious way for the listener to abuse
    alien labels coming with the new socket, but,
    to be on the safe side, it's better fix new socket labels.
    
    Signed-off-by: Konstantin Andreev <andreev@xxxxxxxxx>
    Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7d04b21737cf..a9582737c230 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3640,12 +3640,18 @@ static int smack_unix_stream_connect(struct sock *sock,
 		}
 	}
 
-	/*
-	 * Cross reference the peer labels for SO_PEERSEC.
-	 */
 	if (rc == 0) {
+		/*
+		 * Cross reference the peer labels for SO_PEERSEC.
+		 */
 		nsp->smk_packet = ssp->smk_out;
 		ssp->smk_packet = osp->smk_out;
+
+		/*
+		 * new/child/established socket must inherit listening socket labels
+		 */
+		nsp->smk_out = osp->smk_out;
+		nsp->smk_in  = osp->smk_in;
 	}
 
 	return rc;




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux