]> git.karo-electronics.de Git - linux-beck.git/commit
projects / linux-beck.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 79be093) | patch
Smack: type confusion in smak sendmsg() handler
authorRoman Kubiak <r.kubiak@samsung.com>
Thu, 17 Dec 2015 12:24:35 +0000 (13:24 +0100)
committerCasey Schaufler <casey@schaufler-ca.com>
Thu, 17 Dec 2015 18:21:56 +0000 (10:21 -0800)
commit81bd0d56298f93af6ac233d8a7e8b29aa4b094b7
tree4fb0eb956481a9155e1cd9fffcd04083d3dfc601tree | snapshot
parent79be093500791cc25cc31bcaec5a4db62e21497bcommit | diff
Smack: type confusion in smak sendmsg() handler

Smack security handler for sendmsg() syscall
is vulnerable to type confusion issue what
can allow to privilege escalation into root
or cause denial of service.

A malicious attacker can create socket of one
type for example AF_UNIX and pass is into
sendmsg() function ensuring that this is
AF_INET socket.

Remedy
Do not trust user supplied data.
Proposed fix below.

Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Signed-off-by: Mateusz Fruba <m.fruba@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c diff | blob | history
Beck SC1x5 Kernel