oss-sec mailing list archives
Linux kernel SELinux/netlink missing access check
From: Paul Moore <paul () paul-moore com>
Date: Thu, 30 Apr 2020 16:46:30 -0400
Hello all,

On Friday, April 24th Dmitry Vyukov reported a difference in netlink message handling between SELinux enabled and disabled kernels (archive link below). While discussing the issue it became apparent that SELinux was not properly handling the case where multiple netlink messages were placed in the sk_buff that is passed to the netlink_send LSM hook (the SELinux implementation is in selinux_netlink_send()). A patch has been posted to the SELinux mailing list (archive link below) and will be sent to Linus shortly for inclusion in an upcoming Linux v5.7-rcX release.

* SELinux mailing list discussion
  - https://lore.kernel.org/selinux/CACT4Y+YTi4JCFRqOB9rgA22S+6xxTo87X41hj6Tdfro8K3ef7g () mail gmail com

* Patch which addresses the problem
  - https://lore.kernel.org/selinux/158827786575.204093.6741581954492272816.stgit@chester

--
paul moore
www.paul-moore.com