diff options
| author | Justin Suess <utilityemal77@gmail.com> | 2026-03-27 17:48:26 +0100 |
|---|---|---|
| committer | Mickaël Salaün <mic@digikod.net> | 2026-04-07 18:51:05 +0200 |
| commit | eb25e202b3d60cdc239f14e0e5f6f7465fcc506c (patch) | |
| tree | e3c6504dec2f95deed417b8cd0621b1c9f5867d4 /scripts/stackusage | |
| parent | 64617ec0339f3f52accf5614bc918a940a503f7a (diff) | |
lsm: Add LSM hook security_unix_find
Add an LSM hook security_unix_find.
This hook is called to check the path of a named UNIX socket before a
connection is initiated. The peer socket may be inspected as well.
Why existing hooks are unsuitable:
Existing socket hooks, security_unix_stream_connect(),
security_unix_may_send(), and security_socket_connect() don't provide
TOCTOU-free / namespace independent access to the paths of sockets.
(1) We cannot resolve the path from the struct sockaddr in existing hooks.
This requires another path lookup. A change in the path between the
two lookups will cause a TOCTOU bug.
(2) We cannot use the struct path from the listening socket, because it
may be bound to a path in a different namespace than the caller,
resulting in a path that cannot be referenced at policy creation time.
Consumers of the hook wishing to reference @other are responsible
for acquiring the unix_state_lock and checking for the SOCK_DEAD flag
therein, ensuring the socket hasn't died since lookup.
Cc: Günther Noack <gnoack3000@gmail.com>
Cc: Tingmao Wang <m@maowtm.org>
Cc: Mickaël Salaün <mic@digikod.net>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Justin Suess <utilityemal77@gmail.com>
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20260327164838.38231-2-gnoack3000@gmail.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'scripts/stackusage')
0 files changed, 0 insertions, 0 deletions