[PATCH] apparmor: mediate the implicit connect of TCP fast open sendmsg
John Johansen
john.johansen at canonical.com
Tue Jun 23 07:15:35 UTC 2026
On 6/22/26 13:57, Bryam Vargas via B4 Relay wrote:
> From: Bryam Vargas <hexlabsecurity at proton.me>
>
> sendmsg()/sendto() with MSG_FASTOPEN is a combination of connect(2) and
> write(2): it opens the connection in the SYN. apparmor_socket_sendmsg()
> only checks AA_MAY_SEND, so a profile that grants send but denies connect
> lets a confined task open an outbound TCP/MPTCP connection that connect(2)
> would have refused, bypassing connect mediation.
>
> Mediate the implicit connect when MSG_FASTOPEN is set and a destination
> is supplied. Add it to apparmor_socket_sendmsg() (not the shared
> aa_sock_msg_perm() helper, which recvmsg also uses) and call aa_sk_perm()
> directly, mirroring the selinux and tomoyo fixes. sk_is_tcp() does not
> cover MPTCP fast open, so the SOCK_STREAM/IPPROTO_MPTCP arm is explicit.
>
> Fixes: cf60af03ca4e ("net-tcp: Fast Open client - sendmsg(MSG_FASTOPEN)")
> Cc: stable at vger.kernel.org
> Signed-off-by: Bryam Vargas <hexlabsecurity at proton.me>
Acked-by: John Johansen <john.johansen at canonical.com>
I have pulled this into my tree
> ---
> This is the patch and reproducer requested in [1]. A userspace regression test
> (tests/regression/apparmor/net_inet_tcp_fastopen) follows separately to the
> apparmor tree, as suggested.
>
> Reproducer (behavioral; the bypassed value is policy, not bus state, so no special
> hardware). Under a profile that grants inet/inet6 stream send but denies connect, on
> the current Debian security kernel 6.12.94 (apparmor active):
>
> [TCP ] connect(2)=EACCES sendto(MSG_FASTOPEN)=OK -> connect bypassed (listener accepted)
> [TCP6] connect(2)=EACCES sendto(MSG_FASTOPEN)=OK -> connect bypassed
>
> The kernel audit shows the connect(2) denial and no connect record for the fastopen
> sendto:
>
> apparmor="DENIED" operation="connect" profile="egress_restricted" comm="lsm_tfo_ab"
> family="inet" sock_type="stream" protocol=6 requested_mask="connect" denied_mask="connect"
>
> With this patch the fastopen sendto hits that same connect denial. Full reproducer
> available on request.
>
> Same-class fixes: selinux [2], tomoyo [3]; the original cross-LSM report (landlock,
> the first instance) is [4].
>
> [1] https://lore.kernel.org/r/20260619011138.264578-1-hexlabsecurity@proton.me
> [2] https://lore.kernel.org/r/20260618175513.112443-2-stephen.smalley.work@gmail.com
> [3] https://lore.kernel.org/r/20260619002207.61104-1-matthieu@buffet.re
> [4] https://lore.kernel.org/r/20260616201615.275032-1-hexlabsecurity@proton.me
> ---
> security/apparmor/lsm.c | 16 +++++++++++++++-
> 1 file changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 3491e9f60194..e01efdf50efa 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -1422,7 +1422,21 @@ static int aa_sock_msg_perm(const char *op, u32 request, struct socket *sock,
> static int apparmor_socket_sendmsg(struct socket *sock,
> struct msghdr *msg, int size)
> {
> - return aa_sock_msg_perm(OP_SENDMSG, AA_MAY_SEND, sock, msg, size);
> + int error = aa_sock_msg_perm(OP_SENDMSG, AA_MAY_SEND, sock, msg, size);
> +
> + if (error)
> + return error;
> +
> + /* TCP fast open carries connect() semantics in sendmsg(); mediate
> + * the implicit connect so it cannot bypass the connect permission.
> + */
> + if ((msg->msg_flags & MSG_FASTOPEN) && msg->msg_name &&
> + (sk_is_tcp(sock->sk) ||
> + (sk_is_inet(sock->sk) && sock->sk->sk_type == SOCK_STREAM &&
> + sock->sk->sk_protocol == IPPROTO_MPTCP)))
> + error = aa_sk_perm(OP_CONNECT, AA_MAY_CONNECT, sock->sk);
> +
> + return error;
> }
>
> static int apparmor_socket_recvmsg(struct socket *sock,
>
> ---
> base-commit: 4549871118cf616eecdd2d939f78e3b9e1dddc48
> change-id: 20260622-b4-disp-aba401c6-f02842c82975
>
> Best regards,
More information about the Linux-security-module-archive
mailing list