WSL2-Linux-Kernel/security
Konstantin Andreev 09e89a5e11 smack: unix sockets: fix accept()ed socket label
[ Upstream commit e86cac0acdb1a74f608bacefe702f2034133a047 ]

When a process accept()s connection from a unix socket
(either stream or seqpacket)
it gets the socket with the label of the connecting process.

For example, if a connecting process has a label 'foo',
the accept()ed socket will also have 'in' and 'out' labels 'foo',
regardless of the label of the listener process.

This is because kernel creates unix child sockets
in the context of the connecting process.

I do not see any obvious way for the listener to abuse
alien labels coming with the new socket, but,
to be on the safe side, it's better fix new socket labels.

Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-09-12 11:07:45 +02:00
..
apparmor apparmor: fix possible NULL pointer dereference 2024-09-12 11:07:40 +02:00
bpf
integrity ima: Avoid blocking in RCU read-side critical section 2024-07-18 13:07:34 +02:00
keys task_work: s/task_work_cancel()/task_work_cancel_func()/ 2024-08-19 05:45:13 +02:00
landlock landlock: Don't lose track of restrictions on cred_transfer 2024-08-19 05:45:10 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:14:45 +01:00
lockdown
safesetid
selinux selinux: fix potential counting error in avc_add_xperms_decision() 2024-09-04 13:23:17 +02:00
smack smack: unix sockets: fix accept()ed socket label 2024-09-12 11:07:45 +02:00
tomoyo tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-06 14:38:48 +00:00
yama
Kconfig x86/retbleed: Add fine grained Kconfig knobs 2022-07-23 12:54:10 +02:00
Kconfig.hardening security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 2022-12-31 13:14:46 +01:00
Makefile
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 18:15:39 +01:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-12 11:58:59 +01:00
inode.c
lsm_audit.c
min_addr.c
security.c ima: Avoid blocking in RCU read-side critical section 2024-07-18 13:07:34 +02:00