linux/security
Konstantin Andreev e86cac0acd smack: unix sockets: fix accept()ed socket label
When a process accept()s a connection from a unix socket
(either stream or seqpacket)
it gets the socket with the label of the connecting process.

For example, if a connecting process has a label 'foo',
the accept()ed socket will also have 'in' and 'out' labels 'foo',
regardless of the label of the listener process.

This is because the kernel creates unix child sockets
in the context of the connecting process.

I do not see any obvious way for the listener to abuse
alien labels coming with the new socket, but,
to be on the safe side, it's better to fix new socket labels.

Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2024-06-19 09:25:00 -07:00
apparmor lsm: remove the now superfluous sentinel element from ctl_table array 2024-04-15 15:00:00 -04:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity ima: add crypto agility support for template-hash algorithm 2024-04-12 09:59:04 -04:00
keys KEYS: trusted: Do not use WARN when encode fails 2024-05-21 02:35:10 +03:00
landlock landlock: Fix d_parent walk 2024-05-31 16:41:52 +02:00
loadpin hardening fixes for v6.10-rc1 2024-05-24 08:33:44 -07:00
lockdown LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux integrity-v6.10 2024-05-15 08:43:02 -07:00
smack smack: unix sockets: fix accept()ed socket label 2024-06-19 09:25:00 -07:00
tomoyo kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00
yama lsm: remove the now superfluous sentinel element from ctl_table array 2024-04-15 15:00:00 -04:00
commoncap.c lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig fortify: drop Clang version check for 12.0.1 or newer 2024-02-22 15:38:54 -08:00
Kconfig.hardening mm: init_mlocked_on_free_v3 2024-04-25 20:56:29 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile LSM: syscalls for current process attributes 2023-11-12 22:54:42 -05:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c security: allow finer granularity in permitting copy-up of security xattrs 2024-04-09 17:14:57 -04:00