Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 30 Apr 2020 16:46:30 -0400
From: Paul Moore <paul@...l-moore.com>
To: oss-security@...ts.openwall.com
Cc: Stephen Smalley <stephen.smalley.work@...il.com>
Subject: Linux kernel SELinux/netlink missing access check

Hello all,

On Friday, April 24th Dmitry Vyukov reported a difference in netlink
message handling between SELinux enabled and disabled kernels (archive
link below).  While discussing the issue it became apparent that
SELinux was not properly handling the case where multiple netlink
messages were placed in the sk_buff that is passed to the netlink_send
LSM hook (the SELinux implementation is in selinux_netlink_send()).

A patch has been posted to the SELinux mailing list (archive link
below) and will be sent to Linus shortly for inclusion in an upcoming
Linux v5.7-rcX release.

* SELinux mailing list discussion
- https://lore.kernel.org/selinux/CACT4Y+YTi4JCFRqOB9rgA22S+6xxTo87X41hj6Tdfro8K3ef7g@mail.gmail.com

* Patch which addresses the problem
- https://lore.kernel.org/selinux/158827786575.204093.6741581954492272816.stgit@chester

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.