Date:   Fri, 2 Feb 2018 16:27:13 -0700
From:   David Ahern <dsahern@...il.com>
To:     Christian Brauner <christian.brauner@...ntu.com>,
        netdev@...r.kernel.org
Cc:     ebiederm@...ssion.com, jbenc@...hat.com, nicolas.dichtel@...nd.com,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC net 1/1] rtnetlink: require unique netns identifier

On 2/2/18 1:51 AM, Christian Brauner wrote:
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 56af8e41abfc..d0b7ab22eff4 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -1951,6 +1951,18 @@ static struct net *rtnl_link_get_net_capable(const struct sk_buff *skb,
>  	return net;
>  }
>  
> +/* Verify that rtnetlink requests that support network namespace ids do not pass
> + * additional properties that allow to identify a network namespace as they
> + * might conflict.
> + */
> +static int rtnl_ensure_unique_netns_attr(struct nlattr *tb[])
> +{
> +	if (tb[IFLA_IF_NETNSID] && (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD]))
> +		return -EINVAL;
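
Review bot: the condition in rtnl_ensure_unique_netns_attr() only rejects IFLA_IF_NETNSID combined with IFLA_NET_NS_PID or IFLA_NET_NS_FD, so a request carrying both IFLA_NET_NS_PID and IFLA_NET_NS_FD still passes, while the function name and the comment read as if any two namespace identifiers were refused. Either narrow the comment to say that only the netnsid is checked against the other two attributes, or extend the test if the PID plus FD pair is also meant to be rejected. The comment wording "allow to identify" would also read better as "can identify".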

The days of just returning EINVAL are over; please plumb extack arg to
this message and add a string describing the problem. There are plenty
of examples in rtnetlink.c.

Also, what if those NSIDs all point to the same namespace? That should
not fail, right?
