Date: Tue, 20 Sep 2011 08:47:37 +0300 From: Alexey Dobriyan <adobriyan@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Vasiliy Kulikov <segoon@...nwall.com>, Balbir Singh <bsingharora@...il.com>, Shailabh Nagar <nagar@...ibm.com>, linux-kernel@...r.kernel.org, security@...nel.org, Eric Paris <eparis@...hat.com>, Stephen Wilson <wilsons@...rt.ca>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, David Rientjes <rientjes@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Balbir Singh <balbir@...ux.vnet.ibm.com>, kernel-hardening@...ts.openwall.com Subject: Re: [Security] [PATCH 2/2] taskstats: restrict access to user On Mon, Sep 19, 2011 at 10:45:20AM -0700, Linus Torvalds wrote: > On Mon, Sep 19, 2011 at 10:39 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote: > > > > Shouldn't it simply protect taskstats_user_cmd()? You may still poll > > the counters with TASKSTATS_CMD_ATTR_PID/TASKSTATS_CMD_ATTR_TGID. > > Yeah, I wondered where I'd really want to hook it in, that was the > other option. > > However, one thing that I'm currently independently asking some > networking people is whether that patch guarantees anything at all: is > the netlink command even guaranteed to be run in the same context as > the person sending it? > > After all, it comes in as a packet of data. How synchronous is the > genetlink thing guaranteed to be in the first place? > > IOW, are *any* of those "check current capabilities/euid" approaches > really guaranteed to be valid? Are they valid today, will they > necessarily be valid in a year? Netlink was made syncronous by commit cd40b7d3983c708aabe3d3008ec64ffce56d33b0 "[NET]: make netlink user -> kernel interface synchronious".
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.