From dcc55dba560fd6f8bf35876eb60d88175d191fca Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Thu, 14 May 2015 12:51:31 -0400 Subject: [PATCH] mcstransd: don't reinvent getpeercon, badly. libselinux provides a proper getpeercon() implementation that uses getsockopt with SO_PEERSEC to reliably obtain the peer's security context from the kernel. mcstransd for reasons unknown rolled its own get_peer_con() function that uses getsockopt SO_PEERCRED to obtain the peer PID and then calls getpidcon_raw(). That's less efficient and less secure (subject to races; peer context may have changed since connect). Don't do that. The peer context doesn't appear to be used for anything currently, although there is a comment suggesting adding a permission check to see if the requester dominates the label to be translated to control what labels can be translated by what peers. Could likely dispense with it altogether. Signed-off-by: Stephen Smalley
---
 policycoreutils/mcstrans/src/mcstransd.c | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-)
diff --git a/policycoreutils/mcstrans/src/mcstransd.c b/policycoreutils/mcstrans/src/mcstransd.c
index a65076dc..f408e9f8 100644
--- a/policycoreutils/mcstrans/src/mcstransd.c
+++ b/policycoreutils/mcstrans/src/mcstransd.c
@@ -138,24 +138,6 @@ get_peer_pid(int fd, pid_t *pid)
 }
-static int
-get_peer_con(int fd, char **peercon)
-{
- int ret;
- pid_t pid;
- ret = get_peer_pid(fd, &pid);
- if (ret)
- return -1;
- ret = getpidcon_raw(pid, peercon);
- if (ret) {
- syslog(LOG_ERR,
- "Failed to get context of client process (pid=%u)",
- pid);
- return -1;
- }
- return 0;
-}
-
 static int
 process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
 {
@@ -164,8 +146,8 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
 char *peercon = NULL;
 int ret;
- ret = get_peer_con(fd, &peercon);
- if (ret)
+ ret = getpeercon_raw(fd, &peercon);
+ if (ret < 0)
 return ret;
 /* TODO: Check if MLS clearance (in peercon) dominates the MLS label
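Review bot: The failure path at `if (ret < 0) return ret;` now returns without logging, whereas the removed get_peer_con() wrote a syslog error when the client's context could not be read. A daemon that silently drops requests is hard to diagnose and leaves no audit trail, so I would brace the body and add `syslog(LOG_ERR, "Failed to get context of client process: %m");` before the return. Separately, with get_peer_con() deleted in the first hunk, get_peer_pid() may have no remaining caller. If that is the case it should be removed in the same commit to avoid an unused-static warning. The body of process_request() continues outside this hunk, so whether peercon is released on every exit path cannot be checked from here.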