Linux kernel SELinux/netlink missing access check

[Paul Moore <paul () paul-moore com>]

Hello all,

On Friday, April 24th Dmitry Vyukov reported a difference in netlink
message handling between SELinux enabled and disabled kernels (archive
link below).  While discussing the issue it became apparent that
SELinux was not properly handling the case where multiple netlink
messages were placed in the sk_buff that is passed to the netlink_send
LSM hook (the SELinux implementation is in selinux_netlink_send()).

A patch has been posted to the SELinux mailing list (archive link
below) and will be sent to Linus shortly for inclusion in an upcoming
Linux v5.7-rcX release.

* SELinux mailing list discussion
- https://lore.kernel.org/selinux/CACT4Y+YTi4JCFRqOB9rgA22S+6xxTo87X41hj6Tdfro8K3ef7g () mail gmail com

* Patch which addresses the problem
- https://lore.kernel.org/selinux/158827786575.204093.6741581954492272816.stgit@chester

-- 
paul moore
www.paul-moore.com