Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Stephen Smalley

Subject: Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel

Date: Friday, October 26, 2007 - 1:34 pm

On Wed, 2007-10-24 at 20:46 -0700, Casey Schaufler wrote:
quoted text> diff -uprN -X linux-2.6.24-rc1-base/Documentation/dontdiff linux-2.6.24-rc1-base/security/smack/smack_lsm.c linux-2.6.24-rc1-smack/security/smack/smack_lsm.c
> --- linux-2.6.24-rc1-base/security/smack/smack_lsm.c	1969-12-31 16:00:00.000000000 -0800
> +++ linux-2.6.24-rc1-smack/security/smack/smack_lsm.c	2007-10-23 16:45:06.000000000 -0700
<snip>
quoted text> +/**
> + * smack_inode_getsecurity - get smack xattrs
> + * @inode: the object
> + * @name: attribute name
> + * @buffer: where to put the result
> + * @size: size of the buffer
> + * @err: unused
> + *
> + * Returns the size of the attribute or an error code
> + */
> +static int smack_inode_getsecurity(const struct inode *inode,
> +				   const char *name, void *buffer,
> +				   size_t size, int err)
> +{
> +	struct socket_smack *ssp;
> +	struct socket *sock;
> +	struct super_block *sbp;
> +	struct inode *ip = (struct inode *)inode;
> +	char *bsp = buffer;
> +	char *isp;
> +
> +	if (size < SMK_LABELLEN || name == NULL || bsp == NULL ||
> +	    inode == NULL || inode->i_security == NULL)
> +		return 0;
> +
> +	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
> +		isp = smk_of_inode(inode);
> +		strncpy(buffer, isp, SMK_LABELLEN);
> +		return strlen(isp) + 1;
> +	}
> +
> +	/*
> +	 * The rest of the Smack xattrs are only on sockets.
> +	 */
> +	sbp = ip->i_sb;
> +	if (sbp->s_magic != SOCKFS_MAGIC)
> +		return -EOPNOTSUPP;
> +
> +	sock = SOCKET_I(ip);
> +	if (sock == NULL)
> +		return -EOPNOTSUPP;
> +
> +	ssp = sock->sk->sk_security;
> +
> +	/*
> +	 * Should the packet attribute be unavailable return the error.
> +	 * This can happen if packets come in too fast.
> +	 */
> +	if (strcmp(name, XATTR_SMACK_PACKET) == 0) {
> +		if (ssp->smk_packet[0] == '__PLACEHOLDER__1_')
> +			return -ENODATA;
> +		isp = ssp->smk_packet;

Wrong strategy, racy.  Use getpeersec hooks, SO_PEERSEC for stream or
SCM_SECURITY for datagram.  They aren't just for labeled IPSEC - they
work fine for NetLabel too, see SELinux for an example.

quoted text> +	} else if (strcmp(name, XATTR_SMACK_IPIN) == 0)
> +		isp = ssp->smk_in;
> +	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
> +		isp = ssp->smk_out;
> +	else
> +		return -EOPNOTSUPP;
> +
> +	strncpy(buffer, isp, SMK_LABELLEN);
> +	return strlen(isp) + 1;
> +}
> +
<snip>
quoted text> +static int smack_socket_recvmsg(struct socket *sock, struct msghdr *msg,
> +				int size, int flags)
> +{
> +	struct socket_smack *ssp = sock->sk->sk_security;
> +
> +	/*
> +	 * If the depth is 0 no packets are queued.
> +	 * If the depth is > 1 the "current" has been overwritten.
> +	 */
> +
> +	if (ssp->smk_depth != 1)
> +		ssp->smk_packet[0] = '__PLACEHOLDER__3_';
> +	if (ssp->smk_depth != 0)
> +		ssp->smk_depth--;
> +
> +	return 0;
> +}

Same deal, use SCM_SECURITY and the getpeersec_dgram hook to do this in
a race-free way.

quoted text> +
> +/**
> + * smack_socket_sock_rcv_skb - Smack packet delivery access check
> + * @sk: socket
> + * @skb: packet
> + *
> + * Returns 0 if the packet should be delivered, an error code otherwise
> + */
> +static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
> +{
> +	struct netlbl_lsm_secattr secattr;
> +	struct socket_smack *ssp = sk->sk_security;
> +	char smack[SMK_LABELLEN];
> +	int rc;
> +
> +	if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
> +		return 0;
> +
> +	/*
> +	 * Translate what netlabel gave us.
> +	 */
> +	memset(smack, '__PLACEHOLDER__4_', SMK_LABELLEN);
> +	netlbl_secattr_init(&secattr);
> +	rc = netlbl_skbuff_getattr(skb, &secattr);
> +	if (rc == 0)
> +		smack_from_secattr(&secattr, smack);
> +	else
> +		strncpy(smack, smack_net_ambient, SMK_MAXLEN);
> +	netlbl_secattr_destroy(&secattr);
> +	/*
> +	 * Receiving a packet requires that the other end
> +	 * be able to write here. Read access is not required.
> +	 * This is the simplist possible security model
> +	 * for networking.
> +	 */
> +	rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
> +	if (rc != 0)
> +		return rc;
> +
> +	/*
> +	 * If recv was called and there were no outstanding packets
> +	 * this is the "current" Smack value to make available.
> +	 */
> +	if (ssp->smk_depth == 0)
> +		strcpy(ssp->smk_packet, smack);
> +	ssp->smk_depth++;

Ditto.

quoted text> +
> +	return 0;
> +}
> +

-- 
Stephen Smalley
National Security Agency

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified Manda ..., Casey Schaufler, (Wed Oct 24, 8:46 pm)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Stephen Smalley, (Thu Oct 25, 8:07 am)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Casey Schaufler, (Thu Oct 25, 11:58 am)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Stephen Smalley, (Fri Oct 26, 1:34 pm)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Ahmed S. Darwish, (Fri Oct 26, 8:00 pm)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Ahmed S. Darwish, (Sat Oct 27, 2:01 am)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Casey Schaufler, (Sat Oct 27, 12:20 pm)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Al Viro, (Sat Oct 27, 4:47 pm)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Casey Schaufler, (Sat Oct 27, 10:41 pm)

Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified M ..., Ahmed S. Darwish, (Sun Oct 28, 5:46 am)

Navigation

Popular discussions


linux-kernel:
Ingo Molnar	Re: [patch 00/13] Syslets, "Threadlets", generic AIO support, v3
Andi Kleen	[PATCH] [0/35] Some x86 2.6.22 candidate patches for review
Andrew Morton	Re: [PATCH] lazy freeing of memory through MADV_FREE 2/2
Peter Zijlstra	Re: [RFC PATCH 1/2] Marker probes in futex.c
Stephen Rothwell	linux-next: manual merge of the block tree with the ext4 tree
git:
Felipe Contreras	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
Johannes Schindelin	[PATCH] fetch: refuse to fetch into the current branch in a non-bare repository
Johannes Schindelin	Re: [PATCH] Fix install-doc-quick target
Peter Oberndorfer	Subject: [PATCH] fix stg edit command
Nicolas Pitre	Re: About git and the use of SHA-1
linux-netdev:
Ursula Braun	[patch 2/8] [PATCH] af_iucv: sync sk shutdown flag if iucv path is quiesced
David Dillow	Re: [PATCH 2.6.30-rc4] r8169: avoid losing MSI interrupts
Andi Kleen	Re: RFC: Nagle latency tuning
Chuck Lever	Re: [RFC] ipv6: Change %pI6 format to output compacted addresses?
Russell King	Re: [BUG] New Kernel Bugs
git-commits-head:
Linux Kernel Mailing List	sh: Fix compile error by operands(mov.l) in sh3/entry.S
Linux Kernel Mailing List	New device ID for sc92031 [1088:2031]
Linux Kernel Mailing List	e1000e: Expose MDI-X status via ethtool change
Linux Kernel Mailing List	arm/imx/gpio: GPIO_INT_{HIGH,LOW}_LEV are not necessarily constant
Linux Kernel Mailing List	powerpc/kexec: Add support for FSL-BookE
openbsd-misc:
Andres Salazar	About priorities in /etc/resolv.conf
Rob Shepherd	x86 hardware for router system
Henning Brauer	Re: Sun Blade 1000?
Mitja Muženič	Re: isakmpd -- NCP IPsec client: peer proposed invalid phase 2 IDs
P. Souza	Re: RouterBOARD RB600A support

Colocation donated by:

Syndicate