Date: Thu, 30 Apr 2020 16:46:30 -0400
From: Paul Moore <paul@...l-moore.com>
To: oss-security@...ts.openwall.com
Cc: Stephen Smalley <stephen.smalley.work@...il.com>
Subject: Linux kernel SELinux/netlink missing access check

Hello all,

On Friday, April 24th Dmitry Vyukov reported a difference in netlink
message handling between SELinux enabled and disabled kernels (archive
link below). While discussing the issue it became apparent that
SELinux was not properly handling the case where multiple netlink
messages were placed in the sk_buff that is passed to the netlink_send
LSM hook (the SELinux implementation is in selinux_netlink_send()).

A patch has been posted to the SELinux mailing list (archive link
below) and will be sent to Linus shortly for inclusion in an upcoming
Linux v5.7-rcX release.

* SELinux mailing list discussion
- https://lore.kernel.org/selinux/CACT4Y+YTi4JCFRqOB9rgA22S+6xxTo87X41hj6Tdfro8K3ef7g@mail.gmail.com

* Patch which addresses the problem
- https://lore.kernel.org/selinux/158827786575.204093.6741581954492272816.stgit@chester

-- 
paul moore
www.paul-moore.com
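
Added illustration, not part of the message above and not the kernel patch: a userspace C sketch of why an access check has to walk every netlink message in a buffer, set beside a check that looks only at the first header (an assumed simplification of the failure mode). The struct mirror, the one-type policy, and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Userspace mirror of the 16-byte netlink header layout (constructed here). */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define ALIGN4(n) (((n) + 3u) & ~(size_t)3u)
/* Hypothetical policy: the sender may only send message type 1. */
static int type_allowed(uint16_t type) { return type == 1; }

/* Flawed pattern: only the first header in the buffer is checked. */
int check_first_only(const unsigned char *buf, size_t len)
{
    struct hdr h;
    if (len < sizeof(h)) return -1;
    memcpy(&h, buf, sizeof(h));
    return type_allowed(h.type) ? 0 : -1;
}

/* Walk every message; one denied or malformed message rejects the buffer. */
int check_all(const unsigned char *buf, size_t len)
{
    struct hdr h; size_t off = 0;
    while (off < len) {
        if (len - off < sizeof(h)) return -1;          /* truncated header */
        memcpy(&h, buf + off, sizeof(h));
        if (h.len < sizeof(h) || h.len > len - off) return -1; /* bad length */
        if (!type_allowed(h.type)) return -1;
        if (ALIGN4(h.len) > len - off) break;  /* last message, no padding */
        off += ALIGN4(h.len);
    }
    return 0;
}

/* Constructed sample: two header-only messages of the given types. */
size_t build_two(unsigned char *buf, uint16_t t1, uint16_t t2)
{
    struct hdr h = { sizeof(struct hdr), t1, 0, 1, 0 };
    memcpy(buf, &h, sizeof(h));
    h.type = t2; h.seq = 2;
    memcpy(buf + sizeof(h), &h, sizeof(h));
    return 2 * sizeof(h);
}

int main(void)
{
    unsigned char buf[32];
    size_t n = build_two(buf, 1, 2);   /* allowed type, then denied type */
    return (check_first_only(buf, n) == 0 && check_all(buf, n) == -1) ? 0 : 1;
}
```

With the constructed two-message buffer, the first-header check accepts the whole buffer while the per-message walk rejects it.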