Re: RFC: kernel memory leak fix for af_unix datagram getpeersec

From: Stephen Smalley
Date: Wed Jul 26 2006 - 16:47:42 EST

Next message: Adrian Bunk: "Re: the " 'official' point of view" expressed by kernelnewbies.org regarding reiser4 inclusion"
Previous message: andrea: "Re: the " 'official' point of view" expressed by kernelnewbies.org regarding reiser4 inclusion"
In reply to: Catherine Zhang: "RFC: kernel memory leak fix for af_unix datagram getpeersec"
Next in thread: David Miller: "Re: RFC: kernel memory leak fix for af_unix datagram getpeersec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2006-07-26 at 16:19 -0400, Catherine Zhang wrote:
> diff -puN include/net/scm.h~af_unix-datagram-getpeersec-ml-fix include/net/scm.h
> --- linux-2.6.18-rc2/include/net/scm.h~af_unix-datagram-getpeersec-ml-fix 2006-07-22 21:28:21.000000000 -0400
> +++ linux-2.6.18-rc2-cxzhang/include/net/scm.h 2006-07-24 11:19:54.000000000 -0400
> @@ -3,6 +3,7 @@
>
> #include <linux/limits.h>
> #include <linux/net.h>
> +#include <linux/security.h>
>
> /* Well, we should have at least one descriptor open
> * to accept passed FDs 8)
> @@ -20,8 +21,7 @@ struct scm_cookie
> struct ucred creds; /* Skb credentials */
> struct scm_fp_list *fp; /* Passed files */
> #ifdef CONFIG_SECURITY_NETWORK
> - char *secdata; /* Security context */
> - u32 seclen; /* Security length */
> + u32 sid; /* Passed security ID */

I think that "secid" is what has been chosen for security identifiers
outside of the core SELinux code to to avoid confusion with session
identifiers. Lingering references to sid or ctxid are going to be
converted to secid.

> diff -puN net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix net/unix/af_unix.c
> --- linux-2.6.18-rc2/net/unix/af_unix.c~af_unix-datagram-getpeersec-ml-fix 2006-07-22 23:01:26.000000000 -0400
> +++ linux-2.6.18-rc2-cxzhang/net/unix/af_unix.c 2006-07-22 23:14:15.000000000 -0400
> @@ -1323,8 +1299,9 @@ static int unix_dgram_sendmsg(struct kio
> memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
> if (siocb->scm->fp)
> unix_attach_fds(siocb->scm, skb);
> -
> - unix_get_peersec_dgram(skb);
> +#ifdef CONFIG_SECURITY_NETWORK
> + memcpy(UNIXSID(skb), &siocb->scm->sid, sizeof(u32));
> +#endif /* CONFIG_SECURITY_NETWORK */

You want to retain the static inlines, and just update their contents,
not replace them with embedded #ifdefs. And this could be a direct
assignment, right?

--
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "Re: the " 'official' point of view" expressed by kernelnewbies.org regarding reiser4 inclusion"
Previous message: andrea: "Re: the " 'official' point of view" expressed by kernelnewbies.org regarding reiser4 inclusion"
In reply to: Catherine Zhang: "RFC: kernel memory leak fix for af_unix datagram getpeersec"
Next in thread: David Miller: "Re: RFC: kernel memory leak fix for af_unix datagram getpeersec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]