Chris Wright wrote:
* Stephen Smalley (sds@xxxxxxxxxxxxxx) wrote:
On Sun, 2004-11-14 at 13:13, Ross Kendall Axe wrote:
With CONFIG_SECURITY_NETWORK=y and CONFIG_SECURITY_SELINUX=y, using
SOCK_SEQPACKET unix domain sockets causes an oops in the superfluous(?)
call to security_unix_may_send in sock_dgram_sendmsg. This patch avoids
making this call for SOCK_SEQPACKET sockets.
I'd prefer to track down the actual issue in the SELinux code and
correct it than just omit the security hook call entirely. Do you have
the Oops output and a trivial test case? Thanks.
and test case at
Just run 'seqpacket-crashd & seqpacket-crash' a couple of times.
Well, there is one simple case that will trigger the Oops. Send a
SEQPACKET to a connected but not yet accepted socket. In this case
other->sk_socket is still NULL, and SELinux will deref the NULL pointer
in selinux_socket_may_send() when geting other_isec. There is already
a check in unix_stream_connect, which is all that's used for normal unix
stream sockets. But the seqpacket socket then uses unix_dgram_sendmsg,
so triggers the may_send check as well.
A possibility that hadn't occurred to me was using sendto to send packets
without connecting. Is this supposed to work? If so, then my patch is
indeed inappropriate. If not, then that needs fixing also.
Description: OpenPGP digital signature