| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Dec 2015 15:35:35 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Jamal Hadi Salim <jhs@...atatu.com> Cc: Stephen Hemminger <stephen@...workplumber.org>, Lorenzo Colitti <lorenzo@...gle.com>, netdev@...r.kernel.org, davem@...emloft.net, hannes@...essinduktion.org, ek@...gle.com, tom@...bertland.com, zenczykowski@...il.com Subject: Re: [PATCH v7 0/4] Support administratively closing application sockets On Wed, 2015-12-16 at 14:55 -0500, Jamal Hadi Salim wrote: > On 15-12-16 10:50 AM, Eric Dumazet wrote: > > On Wed, 2015-12-16 at 07:43 -0800, Stephen Hemminger wrote: > > > >> > >> I see no security checks in the diag infrastructure. > >> Up until now diag has been read-only access and therefore has been > >> allowed for all users. > > > > It is still allowed to all users. > > > > Only the 'destroy' operation is restricted. > > The question i had was the opposite when i saw this: why are > regular users allowed to read admin (and any other users) details?;-> > On this specific feature: why, as a regular user, I cant close > connections attributed to me (and have to use CAP_NET_ADMIN)? I guess that we need to be careful here. socket can be shared by fd passing to multiple users. Who really owns it ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists