| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Aug 2012 19:22:27 +0200 From: pablo@...filter.org To: netdev@...r.kernel.org Cc: davem@...emloft.net Subject: [PATCH 0/2] netlink patches From: Pablo Neira Ayuso <pablo@...filter.org> Hi, The following two patches contain one update to replace netlink_set_nonroot and one RFC to resolve possible Netlink spoofing from the kernel itself by disabling one of the Netlink features (please, read [PATCH 2/2] for details). The first patch removes the netlink_set_nonroot to use the recently added struct netlink_kernel_cfg passed to netlink_kernel_create. The second tries to address netlink spoofing for non-root processes from the kernel while disabling the ability of two processes to communicate. Yes, this may be controversial I guess. Specifically for the second patch, please, let me know if I'm missing anything that makes me reach bogus conclusions in the RFC patch. Thanks! Pablo Neira Ayuso (2): netlink: kill netlink_set_nonroot [RFC] netlink: fix possible spoofing from non-root processes include/linux/netlink.h | 9 ++++----- lib/kobject_uevent.c | 2 +- net/core/rtnetlink.c | 2 +- net/netlink/af_netlink.c | 21 ++++++++------------- net/netlink/genetlink.c | 3 +-- security/selinux/netlink.c | 2 +- 6 files changed, 16 insertions(+), 23 deletions(-) -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists