From: Paul Moore
Date: Tue, 27 Feb 2024 17:13:58 -0500
Subject: Re: [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
To: Mickaël Salaün, John Johansen
Cc: Casey Schaufler, James Morris, "Serge E. Hallyn", linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, stable@vger.kernel.org
References: <20240223190546.3329966-1-mic@digikod.net> <20240223190546.3329966-2-mic@digikod.net>

On Tue, Feb 27, 2024 at 5:09 PM Paul Moore wrote:
> On Tue, Feb 27, 2024 at 11:01 AM Paul Moore wrote:
> > On Mon, Feb 26, 2024 at 2:59 PM Paul Moore wrote:
> > > On Fri, Feb 23, 2024 at 4:07 PM Paul Moore wrote:
> > > > On Fri, Feb 23, 2024 at 2:06 PM Mickaël Salaün wrote:
> > > > >
> > > > > aa_getprocattr() may not initialize the value's pointer in some case.
> > > > > As for proc_pid_attr_read(), initialize this pointer to NULL in
> > > > > apparmor_getselfattr() to avoid an UAF in the kfree() call.
> > > > >
> > > > > Cc: Casey Schaufler
> > > > > Cc: John Johansen
> > > > > Cc: Paul Moore
> > > > > Cc: stable@vger.kernel.org
> > > > > Fixes: 223981db9baf ("AppArmor: Add selfattr hooks")
> > > > > Signed-off-by: Mickaël Salaün
> > > > > ---
> > > > > security/apparmor/lsm.c | 2 +-
> > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > If you like John, I can send this up to Linus with the related SELinux
> > > > fix, I would just need an ACK from you.
> > >
> > > Reviewed-by: Paul Moore
> > >
> > > This patch looks good to me, and while we've still got at least two
> > > (maybe three?) more weeks before v6.8 is tagged, I think it would be
> > > good to get this up to Linus ASAP. I'll hold off for another day, but
> > > if we don't see any comment from John I'll go ahead and merge this and
> > > send it up to Linus with the SELinux fix; I'm sure John wouldn't be
> > > happy if v6.8 went out the door without this fix.
> >
> > I just merged this into lsm/stable-6.8 and once the automated
> > build/test has done its thing and come back clean I'll send this,
> > along with the associated SELinux fix, up to Linus. Thanks all.
>
> In off-list discussions with Mickaël today it was noted that this
> patch also needs a fixup to the commit description so I've replaced it
> with the following:
>
> "In apparmor_getselfattr() when an invalid AppArmor
> attribute is requested, or a value hasn't been explicitly
> set for the requested attribute, the label passed to
> aa_put_label() is not properly initialized which can cause
> problems when the pointer value is non-NULL and AppArmor
> attempts to drop a reference on the bogus label object."
>
> I've updated the commit in lsm/stable-6.8 and I'll be sending it to
> Linus shortly.
>
> > John, if this commit is problematic please let me know and I'll send a
> > fix or a revert.

I also just realized that both this patch and the SELinux have the
stable kernel marking which shouldn't be necessary as the LSM syscalls
are only present in the v6.8-rcX kernels. I'm going to drop the
stable tagging, but leave the 'Fixes:' tag of course.

--
paul-moore.com
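
Added example, not part of the message above and not kernel code: a userspace C model of the pattern the quoted commit message describes, where a getter leaves the caller's pointer untouched on its error path and the caller frees it unconditionally. `get_attr()`, `getselfattr()`, `tracked_free()` and the poison pointer are hypothetical stand-ins; the poison is seeded explicitly because reading a truly uninitialized local is undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char poison;             /* constructed stand-in for stale stack data */
#define STACK_GARBAGE (&poison)
static int bogus_frees;         /* cleanups handed a pointer nobody allocated */

/* Hypothetical getter: an unknown attribute returns an error, *value untouched. */
static int get_attr(const char *name, char **value)
{
    if (strcmp(name, "current") != 0)
        return -1;              /* error path: *value is never written */
    if (!(*value = malloc(16)))
        return -1;
    strcpy(*value, "unconfined");
    return (int)strlen(*value);
}

/* free() wrapper that counts, rather than frees, the poison pointer. */
static void tracked_free(char *p)
{
    if (p == STACK_GARBAGE)
        bogus_frees++;
    else
        free(p);                /* free(NULL) is a no-op, like kfree(NULL) */
}

/* Caller with unconditional cleanup. 'initial' is what the local holds before
 * the getter runs: STACK_GARBAGE models the bug, NULL models the fix. */
static int getselfattr(const char *name, char *initial)
{
    char *value = initial;
    int len = get_attr(name, &value);
    tracked_free(value);
    return len;
}

/* Number of bogus pointers that reach cleanup for an invalid attribute. */
int bogus_frees_for(char *initial)
{
    bogus_frees = 0;
    getselfattr("no-such-attr", initial);
    return bogus_frees;
}

int main(void)
{
    printf("bug: %d bogus free(s), fix: %d\n", bogus_frees_for(STACK_GARBAGE), bogus_frees_for(NULL));
    return 0;
}
```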