[PATCH] (2.6.24-rc4-mm1) -mm Smack getpeercred_stream fix for SO_PEERSECand TCP

From: Casey Schaufler
Date: Fri Dec 07 2007 - 15:57:45 EST

Next message: Eric W. Biederman: "Re: [PATCH] i386 IOAPIC: de-fang IRQ compression"
Previous message: Kay Sievers: "Re: [dm-devel] Re: 2.6.24-rc4-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

Collect the Smack label of the other end on connection so that
getsockopt(..., SO_PEERSEC, ...) can report it. This is done
in smack_inet_conn_request(). Report the correct value in
smack_socket_getpeersec_stream(). Initialize the smk_packet
field in the socket blob. Comment on the purpose of smk_packet
in the header file and remove the unused smk_depth field from
the blob.

Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

---

security/smack/smack.h | 7 +++----
security/smack/smack_lsm.c | 14 +++++++++++---
2 files changed, 14 insertions(+), 7 deletions(-)

diff -uprN -X linux-2.6.24-rc4-mm1-base/Documentation/dontdiff linux-2.6.24-rc4-mm1-base/security/smack/smack.h linux-2.6.24-rc4-mm1-smack/security/smack/smack.h
--- linux-2.6.24-rc4-mm1-base/security/smack/smack.h 2007-12-04 19:20:59.000000000 -0800
+++ linux-2.6.24-rc4-mm1-smack/security/smack/smack.h 2007-12-07 09:25:16.000000000 -0800
@@ -44,10 +44,9 @@ struct superblock_smack {
};

struct socket_smack {
- char *smk_out; /* outbound label */
- char *smk_in; /* inbound label */
- char smk_packet[SMK_LABELLEN];
- int smk_depth;
+ char *smk_out; /* outbound label */
+ char *smk_in; /* inbound label */
+ char smk_packet[SMK_LABELLEN]; /* TCP peer label */
};

/*
diff -uprN -X linux-2.6.24-rc4-mm1-base/Documentation/dontdiff linux-2.6.24-rc4-mm1-base/security/smack/smack_lsm.c linux-2.6.24-rc4-mm1-smack/security/smack/smack_lsm.c
--- linux-2.6.24-rc4-mm1-base/security/smack/smack_lsm.c 2007-12-04 19:20:59.000000000 -0800
+++ linux-2.6.24-rc4-mm1-smack/security/smack/smack_lsm.c 2007-12-07 11:10:58.000000000 -0800
@@ -1232,6 +1232,7 @@ static int smack_sk_alloc_security(struc

ssp->smk_in = csp;
ssp->smk_out = csp;
+ ssp->smk_packet[0] = '\0';

sk->sk_security = ssp;

@@ -2115,11 +2116,11 @@ static int smack_socket_getpeersec_strea
int rc = 0;

ssp = sock->sk->sk_security;
- slen = strlen(ssp->smk_out);
+ slen = strlen(ssp->smk_packet) + 1;

if (slen > len)
rc = -ERANGE;
- else if (copy_to_user(optval, ssp->smk_out, slen) != 0)
+ else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)
rc = -EFAULT;

if (put_user(slen, optlen) != 0)
@@ -2251,8 +2252,15 @@ static int smack_inet_conn_request(struc
/*
* Receiving a packet requires that the other end
* be able to write here. Read access is not required.
+ *
+ * If the request is successful save the peer's label
+ * so that SO_PEERCRED can report it.
*/
- return smk_access(smack, ssp->smk_in, MAY_WRITE);
+ rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
+ if (rc == 0)
+ strncpy(ssp->smk_packet, smack, SMK_MAXLEN);
+
+ return rc;
}

/*

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric W. Biederman: "Re: [PATCH] i386 IOAPIC: de-fang IRQ compression"
Previous message: Kay Sievers: "Re: [dm-devel] Re: 2.6.24-rc4-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]