Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4050094imm; Tue, 25 Sep 2018 10:27:47 -0700 (PDT) X-Google-Smtp-Source: ACcGV61Bw1/+4UoaE+ANClb72YrLGuE7XNakoYPJ8g2hcpEac5Le6Xd1ULlki1zTQb1RkqkzCsED X-Received: by 2002:a17:902:6b89:: with SMTP id p9-v6mr2166109plk.272.1537896467400; Tue, 25 Sep 2018 10:27:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537896467; cv=none; d=google.com; s=arc-20160816; b=mILnIgVdBnfgbvqlmpUlbnN8Gvka1ZPbdBH6YvKwZp01GxNUUzZMml7nDKG4SzvTEq yjbpSrWAYHShz48zhOfA/5kqdaBexLsdQtFjaJy043HAEfQwbeLh0Cnti4qAEYtNeHQr NVl2MNWWIjuaXplEFD6eTMR6yzXw/riXEdWHU4+3aOQdvW1FCeyHXU+Twpv34bhg6y2q H/A+FO9p21WXW4PvBhH+1TXPIzRDyMrv5kgBZ35yJ59XnIPOfG/8AZWfOiE7aIqI5ya5 TFg/Yaah35A1TsZq3S3qpGJ/VeZSHbaiZvBhbUiEIwnlAJqk5ol8KKodR82iyNbDyQiK ur2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:cc:date:message-id:subject :mime-version:content-transfer-encoding:from; bh=zIonnuS6dF8Ri0xxYruq3RMwYLgm2lY0AmXl+i3egCM=; b=aCj63WXVKWvu/lFd5pfFeALN+y6DLwzua6TK9/f7rwmz2vULew01/8R1Vvq61694/S 3VTWQiR3Xa4FvGMd1HHZ48nOr3PrDxEu30GCJI1YItctG/InhqgosluCjGOE87uKtDIf OMOYyX/XvxGFheuATQk6Cs6zcdfCjEtT6WDx4GSlJVnhzG1B/a9w24z/QdN6ioCOh7VB K4yigAfb1kvn4xoZ12BlDs2P7i1BcUiTHrMHT5XaYPMOTqpKeohKl9YC8+VWeUIzoQez f1SCxreVdG+51z+ikhP29fBYZEb+AyDx55MqpqPAsis1ATLpa8k9dOnoHvG5svNGGxHC pelw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h9-v6si2663756pgr.260.2018.09.25.10.27.31; Tue, 25 Sep 2018 10:27:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728164AbeIYXfi convert rfc822-to-8bit (ORCPT + 99 others); Tue, 25 Sep 2018 19:35:38 -0400 Received: from outbound.smtp.vt.edu ([198.82.183.121]:41846 "EHLO omr1.cc.vt.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727677AbeIYXfh (ORCPT ); Tue, 25 Sep 2018 19:35:37 -0400 Received: from mr1.cc.vt.edu (smtp.ipv6.vt.edu [IPv6:2607:b400:92:9:0:9d:8fcb:4116]) by omr1.cc.vt.edu (8.14.4/8.14.4) with ESMTP id w8PHR7Lc026023 for ; Tue, 25 Sep 2018 13:27:07 -0400 Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) by mr1.cc.vt.edu (8.14.7/8.14.7) with ESMTP id w8PHR1av008334 for ; Tue, 25 Sep 2018 13:27:07 -0400 Received: by mail-qk1-f197.google.com with SMTP id c22-v6so26577262qkb.18 for ; Tue, 25 Sep 2018 10:27:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:cc:to; bh=7knTsdcOCmw5O92FJp/xx10ePeaFsJ6ZmlsaWAD7AKc=; b=S8Aolt8bAL8rtYPBWvT25ZjpmrOdxQphPuqxQ+cCYOZaDrxxzHGpNt5OX+89kFpcRO 4GF/4gjuvXiqPTxgJc2XdQRHtfRqXSsdnvjXKw7158rRXqHCKeBCMgEQwF9BvhehNK3t 2jbm7XjRwP6T/9NfkSQHA7Ys5cmu0OZ2kZpPR1fr3RVysZiDZ1CPSFfGFHtW0Zog9qXD UfVk3JfSsOf60KWRrQmdLuoWYz84T1LuVz6EJ2+5R0wS6PtIweehL+IUa+QZqAPLl0xT 6m44ZcXDDVHXAKZjeUGj8bYZGJ+KG70vUbYgRc2uZ/5WgE/md9JcPaw1d419wbGKKsri zLAw== X-Gm-Message-State: ABuFfohL7rJHwAZqvJBSO+0vHS/CIhgBFOHiVvc+ojjMAaibCan69ns6 ofiY48kq2TksCYTzazqYdb7V7uTHr+obhbHCB3BU2SvqvW/OI4wFuVXeKwkIkcEUpraANbUU/WN kIuOfnoPytzbxGDMo36nrW/WIryT08qZV7dg= X-Received: by 2002:aed:3903:: with SMTP id l3-v6mr1614344qte.315.1537896421782; Tue, 25 Sep 2018 10:27:01 -0700 (PDT) X-Received: by 2002:aed:3903:: with SMTP id l3-v6mr1614332qte.315.1537896421630; Tue, 25 Sep 2018 10:27:01 -0700 (PDT) Received: from [192.168.15.200] (linker.cs.vt.edu. [128.173.236.60]) by smtp.gmail.com with ESMTPSA id k71-v6sm2140801qkh.30.2018.09.25.10.27.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Sep 2018 10:27:01 -0700 (PDT) From: Tong Zhang Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\)) Subject: Leaking path or inconsistency LSM checking observed in fs/net Message-Id: <8004D467-2F24-4E9F-A429-AA4EE5D2E366@vt.edu> Date: Tue, 25 Sep 2018 13:27:00 -0400 Cc: linux-kernel@vger.kernel.org, ocfs2-devel@oss.oracle.com, cluster-devel@redhat.com, linux-security-module@vger.kernel.org, Wenbo Shen To: mark@fasheh.com, jlbec@evilplan.org, keescook@chromium.org, davem@davemloft.net, viro@zeniv.linux.org.uk, dvlasenk@redhat.com, ccaulfie@redhat.com, teigland@redhat.com X-Mailer: Apple Mail (2.3445.100.39) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Kernel Version: 4.18.5 Problem Description: We found several leaking path or inconsistency LSM design issue in fs/net. Currently we can only observe sock creation from kernel and all bind/listen/connect are not sent to LSM. So, we think that those net/socket related stuff should all go through LSM check and being audited even it is not a user thread or process. Here’s an example where we have a check: in fs/ocfs2/cluster/tcp.c:2035 o2net_open_listening_sock() a sock is created using sock_create(), where a LSM check security_socket_create is called(net/socket.c:1242) And where we don’t have a check fs/ocfs2/cluster/tcp.c:2052 bind fs/ocfs2/cluster/tcp.c:2059 listen fs/dlm/lowcomms.c:1264 bind fs/dlm/lowcomms.c:1278 listen fs/dlm/lowcomms.c:1354 listen several places that use kernel_bind/kernel_listen/kernel_connect net/socket.c:3231 kernel_bind net/socket.c:3237 kernel_listen net/socket.c:3286 kernel_connect - Tong