[PATCH 5/5] smack: fix bug: invalid label of unix socket file
Casey Schaufler
casey at schaufler-ca.com
Mon Jun 16 17:11:55 UTC 2025
On 6/16/2025 4:46 AM, Konstantin Andreev wrote:
> Roberto Sassu, 16 Jun 2025 11:05:11 +0200:
>> On Mon, 2025-06-16 at 04:07 +0300, Konstantin Andreev wrote:
>>> According to [1], the label of a UNIX domain socket (UDS)
>>>
>>> [irrelevant portion of the message deleted]
>>>
>>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
>>> index fb23254c8a54..1b41ae053966 100644
>>> --- a/security/smack/smack_lsm.c
>>> +++ b/security/smack/smack_lsm.c
>>> @@ -1021,6 +1021,16 @@ static int smack_inode_init_security(struct
>>> inode *inode, struct inode *dir,
>>> bool trans_cred;
>>> bool trans_rule;
>>> + /*
>>> + * UNIX domain sockets use lower level socket data. Let
>>> + * UDS inode have fixed * label to keep
>>> smack_inode_permission() calm
>>> + * when called from unix_find_bsd()
>>> + */
>>> + if (S_ISSOCK(inode->i_mode)) {
>>> + /* forced label, no need to save to xattrs */
>>> + issp->smk_inode = &smack_known_star;
>>> + goto instant_inode;
>>
>> Maybe you could also set SMK_INODE_INSTANT here and just return.
>
> Certainly.
>
> But I personally avoid duplication even of small cleanups
> and avoid multiple returns at the price of few gotos.
I generally prefer
if (xyzzy)
return -ESOMETHING;
to
if (xyzzy)
goto err_out;
...
err_out:
return -ESOMETHING;
I grew up in the era of "gotos considered harmful". When
err_out does more than just return a goto is fine, but a goto
that has nothing but a return is unnecessary and adds code that
needn't be there.
>
> A matter of style. Either way is fine for me.
> Let Casey decide.
>
> Konstantin
>
> [the rest of the message deleted]
>
More information about the Linux-security-module-archive
mailing list