From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public•gmane.org (Eric W. Biederman)
To: Jan Kaluza <jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public•gmane.org>
Cc: davem-fT/PcQaiUtIeIZ0/mPfg9Q@public•gmane.org,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public•gmane.org>,
netdev-u79uwXL29TY76Z2rM5mHXA@public•gmane.org,
eparis-H+wXaHxf7aLQT0dZR+AlfA@public•gmane.org,
rgb-H+wXaHxf7aLQT0dZR+AlfA@public•gmane.org,
tj-DgEjT+Ai2ygdnm+yROfE0A@public•gmane.org,
lizefan-hv44wF8Li93QT0dZR+AlfA@public•gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public•gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public•gmane.org,
viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public•gmane.org
Subject: Re: [PATCH v3 1/3] Send loginuid and sessionid in SCM_AUDIT
Date: Wed, 04 Sep 2013 00:22:12 -0700 [thread overview]
Message-ID: <87bo49gifv.fsf@xmission.com> (raw)
In-Reply-To: <1378275261-4553-2-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> (Jan Kaluza's message of "Wed, 4 Sep 2013 08:14:19 +0200")
Jan Kaluza <jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public•gmane.org> writes:
> Server-like processes in many cases need credentials and other
> metadata of the peer, to decide if the calling process is allowed to
> request a specific action, or the server just wants to log away this
> type of information for auditing tasks.
>
> The current practice to retrieve such process metadata is to look that
> information up in procfs with the $PID received over SCM_CREDENTIALS.
> This is sufficient for long-running tasks, but introduces a race which
> cannot be worked around for short-living processes; the calling
> process and all the information in /proc/$PID/ is gone before the
> receiver of the socket message can look it up.
>
> This introduces a new SCM type called SCM_AUDIT to allow the direct
> attaching of "loginuid" and "sessionid" to SCM, which is significantly more
> efficient and will reliably avoid the race with the round-trip over
> procfs.
Unless I am misreading something this patch will break the build if
CONFIG_AUDITSYSCALL is not defined.
Eric
> Signed-off-by: Jan Kaluza <jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public•gmane.org>
> ---
> include/linux/socket.h | 6 ++++++
> include/net/af_unix.h | 2 ++
> include/net/scm.h | 28 ++++++++++++++++++++++++++--
> net/unix/af_unix.c | 7 +++++++
> 4 files changed, 41 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/socket.h b/include/linux/socket.h
> index 445ef75..505047a 100644
> --- a/include/linux/socket.h
> +++ b/include/linux/socket.h
> @@ -130,6 +130,7 @@ static inline struct cmsghdr * cmsg_nxthdr (struct msghdr *__msg, struct cmsghdr
> #define SCM_RIGHTS 0x01 /* rw: access rights (array of int) */
> #define SCM_CREDENTIALS 0x02 /* rw: struct ucred */
> #define SCM_SECURITY 0x03 /* rw: security label */
> +#define SCM_AUDIT 0x04 /* rw: struct uaudit */
>
> struct ucred {
> __u32 pid;
> @@ -137,6 +138,11 @@ struct ucred {
> __u32 gid;
> };
>
> +struct uaudit {
> + __u32 loginuid;
> + __u32 sessionid;
> +};
> +
> /* Supported address families. */
> #define AF_UNSPEC 0
> #define AF_UNIX 1 /* Unix domain sockets */
> diff --git a/include/net/af_unix.h b/include/net/af_unix.h
> index a175ba4..3b9d22a 100644
> --- a/include/net/af_unix.h
> +++ b/include/net/af_unix.h
> @@ -36,6 +36,8 @@ struct unix_skb_parms {
> u32 secid; /* Security ID */
> #endif
> u32 consumed;
> + kuid_t loginuid;
> + unsigned int sessionid;
> };
>
> #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb))
> diff --git a/include/net/scm.h b/include/net/scm.h
> index 8de2d37..e349a25 100644
> --- a/include/net/scm.h
> +++ b/include/net/scm.h
> @@ -6,6 +6,7 @@
> #include <linux/security.h>
> #include <linux/pid.h>
> #include <linux/nsproxy.h>
> +#include <linux/audit.h>
>
> /* Well, we should have at least one descriptor open
> * to accept passed FDs 8)
> @@ -18,6 +19,11 @@ struct scm_creds {
> kgid_t gid;
> };
>
> +struct scm_audit {
> + kuid_t loginuid;
> + unsigned int sessionid;
> +};
> +
> struct scm_fp_list {
> short count;
> short max;
> @@ -28,6 +34,7 @@ struct scm_cookie {
> struct pid *pid; /* Skb credentials */
> struct scm_fp_list *fp; /* Passed files */
> struct scm_creds creds; /* Skb credentials */
> + struct scm_audit audit; /* Skb audit */
> #ifdef CONFIG_SECURITY_NETWORK
> u32 secid; /* Passed security ID */
> #endif
> @@ -58,6 +65,13 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
> scm->creds.gid = gid;
> }
>
> +static inline void scm_set_audit(struct scm_cookie *scm,
> + kuid_t loginuid, unsigned int sessionid)
> +{
> + scm->audit.loginuid = loginuid;
> + scm->audit.sessionid = sessionid;
> +}
> +
> static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
> {
> put_pid(scm->pid);
> @@ -77,8 +91,12 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
> memset(scm, 0, sizeof(*scm));
> scm->creds.uid = INVALID_UID;
> scm->creds.gid = INVALID_GID;
> - if (forcecreds)
> - scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
> + if (forcecreds) {
> + scm_set_cred(scm, task_tgid(current), current_uid(),
> + current_gid());
> + scm_set_audit(scm, audit_get_loginuid(current),
> + audit_get_sessionid(current));
> + }
> unix_get_peersec_dgram(sock, scm);
> if (msg->msg_controllen <= 0)
> return 0;
> @@ -123,7 +141,13 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
> .uid = from_kuid_munged(current_ns, scm->creds.uid),
> .gid = from_kgid_munged(current_ns, scm->creds.gid),
> };
> + struct uaudit uaudits = {
> + .loginuid = from_kuid_munged(current_ns,
> + scm->audit.loginuid),
> + .sessionid = scm->audit.sessionid,
> + };
> put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
> + put_cmsg(msg, SOL_SOCKET, SCM_AUDIT, sizeof(uaudits), &uaudits);
> }
>
> scm_destroy_cred(scm);
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index 86de99a..c410f76 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -1393,6 +1393,8 @@ static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool sen
> UNIXCB(skb).pid = get_pid(scm->pid);
> UNIXCB(skb).uid = scm->creds.uid;
> UNIXCB(skb).gid = scm->creds.gid;
> + UNIXCB(skb).loginuid = scm->audit.loginuid;
> + UNIXCB(skb).sessionid = scm->audit.sessionid;
> UNIXCB(skb).fp = NULL;
> if (scm->fp && send_fds)
> err = unix_attach_fds(scm, skb);
> @@ -1416,6 +1418,8 @@ static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock,
> test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) {
> UNIXCB(skb).pid = get_pid(task_tgid(current));
> current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid);
> + UNIXCB(skb).loginuid = audit_get_loginuid(current);
> + UNIXCB(skb).sessionid = audit_get_sessionid(current);
> }
> }
>
> @@ -1812,6 +1816,7 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
> memset(&tmp_scm, 0, sizeof(tmp_scm));
> }
> scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
> + scm_set_audit(siocb->scm, UNIXCB(skb).loginuid, UNIXCB(skb).sessionid);
> unix_set_secdata(siocb->scm, skb);
>
> if (!(flags & MSG_PEEK)) {
> @@ -1993,6 +1998,8 @@ again:
> } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
> /* Copy credentials */
> scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid);
> + scm_set_audit(siocb->scm, UNIXCB(skb).loginuid,
> + UNIXCB(skb).sessionid);
> check_creds = 1;
> }
next prev parent reply other threads:[~2013-09-04 7:22 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-27 14:39 [PATCH 0/3] Send audit/procinfo/cgroup data in socket-level control message Jan Kaluza
2013-08-27 14:39 ` [PATCH 1/3] Send loginuid and sessionid in SCM_AUDIT Jan Kaluza
2013-08-27 14:39 ` [PATCH 2/3] Send comm and cmdline in SCM_PROCINFO Jan Kaluza
2013-09-09 6:52 ` Eric W. Biederman
2013-08-27 14:40 ` [PATCH 3/3] Send cgroup_path in SCM_CGROUP Jan Kaluza
2013-08-28 14:00 ` Tejun Heo
[not found] ` <1377614400-27122-1-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-08-29 14:13 ` [PATCH v2 0/3] Send audit/procinfo/cgroup data in socket-level control message Jan Kaluza
[not found] ` <1377785602-10766-1-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-08-29 14:13 ` [PATCH v2 1/3] Send loginuid and sessionid in SCM_AUDIT Jan Kaluza
2013-08-29 14:13 ` [PATCH v2 2/3] Send comm and cmdline in SCM_PROCINFO Jan Kaluza
2013-08-29 14:13 ` [PATCH v2 3/3] Send cgroup_path in SCM_CGROUP Jan Kaluza
[not found] ` <1377785602-10766-4-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-09-02 17:17 ` Kay Sievers
2013-09-04 6:14 ` [PATCH v3 0/3] Send audit/procinfo/cgroup data in socket-level control message Jan Kaluza
[not found] ` <1378275261-4553-1-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-09-04 6:14 ` [PATCH v3 1/3] Send loginuid and sessionid in SCM_AUDIT Jan Kaluza
[not found] ` <1378275261-4553-2-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-09-04 7:22 ` Eric W. Biederman [this message]
[not found] ` <87bo49gifv.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-09-04 9:07 ` Jan Kaluža
2013-09-04 6:14 ` [PATCH v3 2/3] Send comm and cmdline in SCM_PROCINFO Jan Kaluza
2013-09-04 7:42 ` [PATCH v3 0/3] Send audit/procinfo/cgroup data in socket-level control message Eric W. Biederman
[not found] ` <878uzdf2xp.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-09-04 14:45 ` Tejun Heo
2013-09-04 14:58 ` Richard Guy Briggs
[not found] ` <20130904145830.GC28517-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2013-09-04 15:04 ` Jan Kaluža
2013-09-04 15:20 ` Richard Guy Briggs
[not found] ` <20130904152022.GD28517-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2013-09-04 15:30 ` Eric Dumazet
2013-09-04 15:40 ` Jan Kaluža
2013-09-04 6:14 ` [PATCH v3 3/3] Send cgroup_path in SCM_CGROUP Jan Kaluza
2014-01-13 8:01 ` [PATCH v4 0/3] Send audit/procinfo/cgroup data in socket-level control message Jan Kaluza
[not found] ` <1389600109-30739-1-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-01-13 8:01 ` [PATCH v4 1/3] Send loginuid and sessionid in SCM_AUDIT Jan Kaluza
[not found] ` <1389600109-30739-2-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-01-15 4:02 ` Richard Guy Briggs
2014-01-13 8:01 ` [PATCH v4 2/3] Send comm and cmdline in SCM_PROCINFO Jan Kaluza
[not found] ` <1389600109-30739-3-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-01-15 4:03 ` Richard Guy Briggs
2014-01-13 8:01 ` [PATCH v4 3/3] Send cgroup_path in SCM_CGROUP Jan Kaluza
[not found] ` <1389600109-30739-4-git-send-email-jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-01-13 16:52 ` Tejun Heo
2014-01-13 16:55 ` [PATCH v4 0/3] Send audit/procinfo/cgroup data in socket-level control message Tejun Heo
2014-01-15 20:17 ` David Miller
[not found] ` <20140115.121730.1984913330507219167.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2014-01-15 23:21 ` Eric Paris
[not found] ` <1389828103.681.34.camel-OjZBOOqb7SR7cYLChsl7DafLeoKvNuZc@public.gmane.org>
2014-01-15 23:23 ` Tejun Heo
[not found] ` <20140115232345.GA22237-9pTldWuhBndy/B6EtB590w@public.gmane.org>
2014-01-16 9:29 ` Jan Kaluža
[not found] ` <52D7A68F.5030700-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-01-23 19:31 ` Kay Sievers
2014-01-13 19:44 ` Casey Schaufler
[not found] ` <52D44206.2000906-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2014-01-14 8:25 ` Jan Kaluža
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bo49gifv.fsf@xmission.com \
--to=ebiederm-as9lmozglivwk0htik3j/w@public$(echo .)gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public$(echo .)gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public$(echo .)gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public$(echo .)gmane.org \
--cc=eparis-H+wXaHxf7aLQT0dZR+AlfA@public$(echo .)gmane.org \
--cc=jkaluza-H+wXaHxf7aLQT0dZR+AlfA@public$(echo .)gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public$(echo .)gmane.org \
--cc=lizefan-hv44wF8Li93QT0dZR+AlfA@public$(echo .)gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public$(echo .)gmane.org \
--cc=rgb-H+wXaHxf7aLQT0dZR+AlfA@public$(echo .)gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public$(echo .)gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public$(echo .)gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox