Roman Kubiak 81bd0d5629 Smack: type confusion in smak sendmsg() handler ...

Smack security handler for sendmsg() syscall
is vulnerable to type confusion issue what
can allow to privilege escalation into root
or cause denial of service.

A malicious attacker can create socket of one
type for example AF_UNIX and pass is into
sendmsg() function ensuring that this is
AF_INET socket.

Remedy
Do not trust user supplied data.
Proposed fix below.

Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Signed-off-by: Mateusz Fruba <m.fruba@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>

2015-12-17 10:21:56 -08:00

..

apparmor

apparmor: clarify CRYPTO dependency

2015-10-22 11:11:28 +11:00

integrity

mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM

2015-11-06 17:50:42 -08:00

keys

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2015-11-05 15:32:38 -08:00

selinux

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2015-11-10 18:11:41 -08:00

smack

Smack: type confusion in smak sendmsg() handler

2015-12-17 10:21:56 -08:00

tomoyo

LSM: Switch to lists of hooks

2015-05-12 15:00:41 +10:00

yama

Adding YAMA hooks also when YAMA is not stacked.

2015-08-04 01:36:18 +10:00

commoncap.c

capabilities: add a securebit to disable PR_CAP_AMBIENT_RAISE

2015-09-04 16:54:41 -07:00

device_cgroup.c

security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition

2015-09-03 18:13:10 -07:00

inode.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2015-07-04 19:36:06 -07:00

Kconfig

Yama: remove needless CONFIG_SECURITY_YAMA_STACKED

2015-07-28 13:18:19 +10:00

lsm_audit.c

Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next

2015-08-15 13:29:57 +10:00

Makefile

LSM: Switch to lists of hooks

2015-05-12 15:00:41 +10:00

min_addr.c

…

security.c

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2015-09-08 12:41:25 -07:00