[PATCH v2] tomoyo: Don't check open/getattr permission on sockets.

Tetsuo Handa penguin-kernel at i-love.sakura.ne.jp
Wed Dec 4 12:50:34 UTC 2019


On 2019/11/21 22:59, Tetsuo Handa wrote:
> On 2019/11/21 19:18, Tetsuo Handa wrote:
>> On 2019/11/21 16:21, James Morris wrote:
>>> On Wed, 13 Nov 2019, Tetsuo Handa wrote:
>>>
>>>> Hello, Andrew and James.
>>>>
>>>> I have difficulty setting up environments for sending pull request to linux.git
>>>> (nobody around me knows Linux kernel maintainer's workflow at the command line level).
>>>> Can you pick up the following commit via mmotm or linux-security.git tree?
>>>
>>> Not sure if your fix is complete.
>>>
>>> Are there other potential paths to trigger this via tomoyo_path_perm() ?
>>>
>>> e.g. call unlink(2) on /proc/pid/fd/sockfd
>>
>> I think they are safe. For example, unlink(2) checks that
>> inode is valid before calling security_path_unlink().
> 
> Hmm, since unlink(2) locks parent's inode instead of inode to be removed itself,
> there is indeed possibility that tomoyo_path_perm() races with __sock_release().
> We need another patch...
> 

I decided to drop tomoyo_get_socket_name(). Will you pick up the following commit?

commit c39593ab0500fcd6db290b311c120349927ddc04
Author: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
Date:   Mon Nov 25 10:46:51 2019 +0900

    tomoyo: Don't use nifty names on sockets.



More information about the Linux-security-module-archive mailing list