Fix SCTP bind/connect mishandling #40

@sm1ling-knight

SCTP is a connection-oriented protocol that can be used to establish one-to-many and one-to-one communication between endpoints.

The one-to-one style can be used by specifying the AF_INET family, SOCK_STREAM type and IPPROTO_SCTP protocol value in socket(2):

```c
int sctp_client_fd;

sctp_client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP);
```

The current implementation of LANDLOCK_ACCESS_NET_BIND_TCP and LANDLOCK_ACCESS_NET_CONNECT_TCP allows restricting bind/connect actions for both classic TCP sockets and SCTP sockets.

SCTP allows binding and connecting sockets not only with bind(2) and connect(2), but also with setsockopt(3p). The options SCTP_SOCKOPT_CONNECT*, SCTP_SOCKOPT_BIND*, ... (Cf. SCTP) are provided for this purpose.

For example:

```c
setsockopt(sctp_client_fd, IPPROTO_SCTP, SCTP_SOCKOPT_CONNECTX, &addr, sizeof(addr));
```

It is not possible to restrict such calls using LANDLOCK_ACCESS_NET_BIND_TCP and LANDLOCK_ACCESS_NET_CONNECT_TCP, which leads to inconsistent Landlock behavior.

There are a few ways to fix this issue:

  1. Change the behavior of the TCP access rights so that they check only classic TCP sockets (with protocol=0).
  2. Implement restriction of SCTP bind/connect via setsockopt(3p). This can be done by adding a hook on security_sctp_bind_connect (Cf. net/sctp/socket.c).

Labels: bug

Status: Ready