Re: [PATCH] scm: fold __scm_send() into scm_send()

* Andrew Morton ([email protected]) wrote:
> Chris Wright <[email protected]> wrote:
> > Catherine, the security_sid_to_context() is a raw SELinux function which
> > crept into core code and should not have been there.  The fallout fixes
> > included conditionally exporting security_sid_to_context, and finally
> > scm_send/recv unlining.
> 
> Yes.  So we're OK up the uninlining, right?

Yes, although sid_to_context is meant to be analog to the other
get_peersec calls, and should really be made a proper part of the
interface (can be done later, correctness is the issue at hand).

> >  The end result in -mm looks broken to me.
> > Specifically, it now does:
> > 
> > 	ucred->uid = tsk->uid;
> > 	ucred->gid = tsk->gid;
> > 	ucred->pid = tsk->tgid;
> > 	scm->fp = NULL;
> > 	scm->seq = 0;
> > 	if (msg->msg_controllen <= 0)
> > 		return 0;
> > 
> > 	scm->sid = security_sk_sid(sock->sk, NULL, 0);
> > 
> > The point of Catherine's original patch was to make sure there's always
> > a security identifier associated with AF_UNIX messages.  So receiver
> > can always check it (same as having credentials even w/out sender
> > control message passing them).  Now we will have garbage for sid.
> 
> This answers the question I've been asking all and sundry for a week, thanks ;)
> So:
> 
> - scm-fold-__scm_send-into-scm_send.patch is OK

Yes.

> - scm_send-speedup.patch is wrong

Yes.

> - Catherine's patch introduces a possibly-significant performance
>   problem: we're now calling the expensive-on-SELinux security_sk_sid()
>   more frequently than we used to.

I don't expect security_sk_sid() to be terribly expensive.  It's not
an AVC check, it's just propagating a label.  But I've not done any
benchmarking on that.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH] scm: fold __scm_send() into scm_send()
  - From: Stephen Smalley <[email protected]>

References:
- [PATCH] scm: fold __scm_send() into scm_send()
  - From: Ingo Oeser <[email protected]>
- Re: [PATCH] scm: fold __scm_send() into scm_send()
  - From: Andrew Morton <[email protected]>
- Re: [PATCH] scm: fold __scm_send() into scm_send()
  - From: Ingo Oeser <[email protected]>
- Re: [PATCH] scm: fold __scm_send() into scm_send()
  - From: Chris Wright <[email protected]>
- Re: [PATCH] scm: fold __scm_send() into scm_send()
  - From: Chris Wright <[email protected]>
- Re: [PATCH] scm: fold __scm_send() into scm_send()
  - From: Andrew Morton <[email protected]>

Prev by Date: Re: TSO and IPoIB performance degradation
Next by Date: Re: [PATCH] Fix console utf8 composing (F)
Previous by thread: Re: [PATCH] scm: fold __scm_send() into scm_send()
Next by thread: Re: [PATCH] scm: fold __scm_send() into scm_send()
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]