lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 15 Apr 2014 21:05:56 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	vgoyal@...hat.com
Cc:	luto@...capital.net, linux-kernel@...r.kernel.org,
	cgroups@...r.kernel.org, netdev@...r.kernel.org, tj@...nel.org,
	ssorce@...hat.com, lpoetter@...hat.com, kay@...hat.com,
	dwalsh@...hat.com
Subject: Re: [PATCH 2/2] net: Implement SO_PASSCGROUP to enable passing
 cgroup path

From: Vivek Goyal <vgoyal@...hat.com>
Date: Tue, 15 Apr 2014 20:20:10 -0400

> On Tue, Apr 15, 2014 at 02:53:13PM -0700, Andy Lutomirski wrote:
>> On Tue, Apr 15, 2014 at 2:15 PM, Vivek Goyal <vgoyal@...hat.com> wrote:
>> > This patch implements socket option SO_PASSCGROUP along the lines of
>> > SO_PASSCRED.
>> >
>> > If SO_PASSCGROUP is set, then recvmsg() will get a control message
>> > SCM_CGROUP which will contain the cgroup path of sender. This cgroup
>> > belongs to first mounted hierarchy in the sytem.
>> >
>> > SCM_CGROUP control message can only be received and sender can not send
>> > a SCM_CGROUP message. Kernel automatically generates one if receiver
>> > chooses to receive one.
>> >
>> > This works both for unix stream and datagram sockets.
>> >
>> > cgroup information is passed only if either the sender or receiver has
>> > SO_PASSCGROUP option set. This means for existing workloads they should
>> > not see any significant performance impact of this change.
>> 
>> This is odd.  Shouldn't an SCM_CGROUP cmsg be generated when the
>> receiver has SO_PASSCGROUP set and the sender passes SCM_CGROUP to
>> sendmsg?
> 
> How can receiver trust the cgroup info generated by sender. It needs to
> be generated by kernel so that receiver can trust it.
> 
> And if receiver needs to know cgroup of sender, receiver can just set
> SO_PASSCGROUP on socket and receiver should get one SCM_CGROUP message
> with each message received.

I completely agree.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ