linux/net
Catherine Zhang c8c05a8eec [LSM-IPsec]: SELinux Authorize
This patch contains a fix for the previous patch that adds security
contexts to IPsec policies and security associations.  In the previous
patch, no authorization (besides the check for write permissions to
SAD and SPD) is required to delete IPsec policies and security
assocations with security contexts.  Thus a user authorized to change
SAD and SPD can bypass the IPsec policy authorization by simply
deleteing policies with security contexts.  To fix this security hole,
an additional authorization check is added for removing security
policies and security associations with security contexts.

Note that if no security context is supplied on add or present on
policy to be deleted, the SELinux module allows the change
unconditionally.  The hook is called on deletion when no context is
present, which we may want to change.  At present, I left it up to the
module.

LSM changes:

The patch adds two new LSM hooks: xfrm_policy_delete and
xfrm_state_delete.  The new hooks are necessary to authorize deletion
of IPsec policies that have security contexts.  The existing hooks
xfrm_policy_free and xfrm_state_free lack the context to do the
authorization, so I decided to split authorization of deletion and
memory management of security data, as is typical in the LSM
interface.

Use:

The new delete hooks are checked when xfrm_policy or xfrm_state are
deleted by either the xfrm_user interface (xfrm_get_policy,
xfrm_del_sa) or the pfkey interface (pfkey_spddelete, pfkey_delete).

SELinux changes:

The new policy_delete and state_delete functions are added.

Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-17 21:29:45 -07:00
..
802 [TR]: Remove an unused export. 2006-05-16 15:23:40 -07:00
8021q [NET]: Replace skb_pull/skb_postpull_rcsum with skb_pull_rcsum 2006-03-20 22:43:56 -08:00
appletalk [NET]: Fix ipx/econet/appletalk/irda ioctl crashes 2006-03-28 17:02:43 -08:00
atm [NEIGH]: Fix IP-over-ATM and ARP interaction. 2006-05-12 14:56:08 -07:00
ax25 [AX.25]: Eleminate HZ from AX.25 kernel interfaces 2006-05-03 23:27:16 -07:00
bluetooth [BLUETOOTH] sco: Possible double free. 2006-04-09 22:25:29 -07:00
bridge [BRIDGE]: netlink interface for link management 2006-06-17 21:26:14 -07:00
core [I/OAT]: Add a sysctl for tuning the I/OAT offloaded I/O threshold 2006-06-17 21:25:54 -07:00
dccp [I/OAT]: Make sk_eat_skb I/OAT aware. 2006-06-17 21:25:52 -07:00
decnet [DECNET]: Fix level1 router hello 2006-05-03 23:36:23 -07:00
econet [ECONET]: Convert away from SOCKOPS_WRAPPED 2006-03-28 17:02:43 -08:00
ethernet [NET]: Eliminate unused /proc/sys/net/ethernet 2006-06-05 15:34:11 -07:00
ieee80211 [PATCH] softmac: make non-operational after being stopped 2006-05-05 16:55:22 -04:00
ipv4 [IPV4] icmp: Kill local 'ip' arg in icmp_redirect(). 2006-06-17 21:29:41 -07:00
ipv6 [NETFILTER]: conntrack: add sysctl to disable checksumming 2006-06-17 21:28:57 -07:00
ipx [IPX]: Correct return type of ipx_map_frame_type(). 2006-05-16 15:17:49 -07:00
irda [IRDA]: Missing allocation result check in irlap_change_speed(). 2006-06-05 15:34:52 -07:00
key [LSM-IPsec]: SELinux Authorize 2006-06-17 21:29:45 -07:00
lapb [NET]: Kill skb->list 2005-08-29 15:31:14 -07:00
llc [LLC]: Fix double receive of SKB. 2006-06-17 21:29:19 -07:00
netfilter [NETFILTER]: FTP helper: search optimization 2006-06-17 21:29:07 -07:00
netlink Merge branch 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current 2006-05-01 21:43:05 -07:00
netrom [NETROM/ROSE]: Kill module init version kernel log messages. 2006-05-05 17:19:26 -07:00
packet [NET]: Fix some whitespace issues in af_packet.c 2006-01-23 16:28:02 -08:00
rose [NETROM/ROSE]: Kill module init version kernel log messages. 2006-05-05 17:19:26 -07:00
rxrpc [PATCH] fix 'defined but not used' warning in net/rxrpc/main.c::rxrpc_initialise 2006-03-25 08:22:52 -08:00
sched [PKT_SCHED]: Potential jiffy wrap bug in dev_watchdog(). 2006-05-16 15:02:12 -07:00
sctp [SCTP]: Allow linger to abort 1-N style sockets. 2006-05-19 14:32:06 -07:00
sunrpc [PATCH] knfsd: Fix two problems that can cause rmmod nfsd to die 2006-05-23 10:35:31 -07:00
tipc [NET]: Remove redundant NULL checks before [kv]free 2006-04-18 15:57:55 -07:00
unix [PATCH] POLLRDHUP/EPOLLRDHUP handling for half-closed devices notifications 2006-03-25 08:22:56 -08:00
wanrouter [WAN]: Remove broken and unmaintained Sangoma drivers. 2006-04-11 17:28:33 -07:00
x25 [X25]: fix for spinlock recurse and spinlock lockup with timer handler 2006-04-29 18:33:11 -07:00
xfrm [LSM-IPsec]: SELinux Authorize 2006-06-17 21:29:45 -07:00
compat.c [NETFILTER]: iptables 32bit compat layer 2006-04-01 02:25:19 -08:00
Kconfig [TCP]: TCP Probe congestion window tracing 2006-06-17 21:29:31 -07:00
Makefile [TIPC] Initial merge 2006-01-12 14:06:31 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [PATCH] sockaddr patch 2006-05-01 06:06:10 -04:00
sysctl_net.c [NET]: Eliminate unused /proc/sys/net/ethernet 2006-06-05 15:34:11 -07:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00