lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87si6lvk8z.fsf@x220.int.ebiederm.org>
Date:	Thu, 10 Sep 2015 20:05:00 -0500
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	"Michael J. Coss" <michael.coss@...atel-lucent.com>
Cc:	gregkh@...uxfoundation.org, davem@...emloft.net,
	linux-kernel@...r.kernel.org, containers@...ts.linuxcontainers.org,
	serge.hallyn@...ntu.com, stgraber@...ntu.com
Subject: Re: [PATCH 3/3] net/udevns: Netlink module to forward uevent to containers

"Michael J. Coss" <michael.coss@...atel-lucent.com> writes:

> New generic netlink module to provide an interface with the new
> forwarding interface for uevent.  The driver allows a user to
> direct a uevent as read from the kernel to a specific network
> namespace by providing the uevent message, and a target process id.
> The uapi header file provides the message format.

If we can't just pass the message thourgh I don't expect genetlink is a
particularly good interface for this.

It would be nice if we could open some appropriate thing and the act of
getting a file descriptor ould suppress all of the uevent broadcast
messages in that network namespace.

Further GENL_ADMIN_PERM is an unfortunate choice for a permission check.
I don't see it as exploitable but I am not certain CAP_SYS_ADMIN is the
best capability to check.    Beyond that we probably want to arrange
things so that we can use ns_capable so we can allow containers to hand
off their devices to child containers.

Implementations that do not allow for containers to nest bother me.

> Signed-off-by: Michael J. Coss <michael.coss@...atel-lucent.com>
> ---
>  include/uapi/linux/Kbuild   |   1 +
>  include/uapi/linux/udevns.h |  19 ++++++++
>  net/Kconfig                 |   1 +
>  net/Makefile                |   1 +
>  net/udevns/Kconfig          |   9 ++++
>  net/udevns/Makefile         |   5 ++
>  net/udevns/udevns.c         | 112 ++++++++++++++++++++++++++++++++++++++++++++
>  net/udevns/udevns.h         |  19 ++++++++
>  8 files changed, 167 insertions(+)
>  create mode 100644 include/uapi/linux/udevns.h
>  create mode 100644 net/udevns/Kconfig
>  create mode 100644 net/udevns/Makefile
>  create mode 100644 net/udevns/udevns.c
>  create mode 100644 net/udevns/udevns.h
>
> diff --git a/include/uapi/linux/Kbuild b/include/uapi/linux/Kbuild
> index 1ff9942..9fb9c59 100644
> --- a/include/uapi/linux/Kbuild
> +++ b/include/uapi/linux/Kbuild
> @@ -404,6 +404,7 @@ header-y += toshiba.h
>  header-y += tty_flags.h
>  header-y += tty.h
>  header-y += types.h
> +header-y += udevns.h
>  header-y += udf_fs_i.h
>  header-y += udp.h
>  header-y += uhid.h
> diff --git a/include/uapi/linux/udevns.h b/include/uapi/linux/udevns.h
> new file mode 100644
> index 0000000..f5702f5
> --- /dev/null
> +++ b/include/uapi/linux/udevns.h
> @@ -0,0 +1,19 @@
> +#ifndef _UDEVNS_H_
> +#define _UDEVNS_H_
> +
> +enum udevns_msg_types {
> +	UDEVNS_FORWARD_MSG = 0x1,
> +	UDEVNS_CMD_MAX,
> +};
> +
> +enum udevns_attr {
> +	UDEVNS_UNSPEC,
> +	UDEVNS_PID,
> +	UDEVNS_MSG,
> +	__UDEVNS_ATTR_MAX,
> +};
> +
> +#define UDEVNS_ATTR_MAX (__UDEVNS_ATTR_MAX - 1)
> +#define UDEVNS_VERSION 0x1
> +
> +#endif
> diff --git a/net/Kconfig b/net/Kconfig
> index 57a7c5a..465e288 100644
> --- a/net/Kconfig
> +++ b/net/Kconfig
> @@ -54,6 +54,7 @@ source "net/packet/Kconfig"
>  source "net/unix/Kconfig"
>  source "net/xfrm/Kconfig"
>  source "net/iucv/Kconfig"
> +source "net/udevns/Kconfig"
>  
>  config INET
>  	bool "TCP/IP networking"
> diff --git a/net/Makefile b/net/Makefile
> index 3995613..bde7775 100644
> --- a/net/Makefile
> +++ b/net/Makefile
> @@ -74,3 +74,4 @@ obj-$(CONFIG_HSR)		+= hsr/
>  ifneq ($(CONFIG_NET_SWITCHDEV),)
>  obj-y				+= switchdev/
>  endif
> +obj-$(CONFIG_UDEVNS)	+= udevns/
> diff --git a/net/udevns/Kconfig b/net/udevns/Kconfig
> new file mode 100644
> index 0000000..367e650
> --- /dev/null
> +++ b/net/udevns/Kconfig
> @@ -0,0 +1,9 @@
> +config UDEVNS
> +	tristate "UDEV namespace bridge"
> +	depends on SYSFS
> +	default n
> +	help
> +		This option enables support for explicit forwarding of UDEV events to
> +		other network namespaces
> +
> +		If unsure, say N.
> diff --git a/net/udevns/Makefile b/net/udevns/Makefile
> new file mode 100644
> index 0000000..44c6b12
> --- /dev/null
> +++ b/net/udevns/Makefile
> @@ -0,0 +1,5 @@
> +#
> +# Makefile for the uevent namespace aware forwarder
> +#
> +#
> +obj-$(CONFIG_UDEVNS) += udevns.o
> diff --git a/net/udevns/udevns.c b/net/udevns/udevns.c
> new file mode 100644
> index 0000000..8b23751
> --- /dev/null
> +++ b/net/udevns/udevns.c
> @@ -0,0 +1,112 @@
> +#include <linux/module.h>
> +#include <linux/moduleparam.h>
> +#include <net/sock.h>
> +#include <net/genetlink.h>
> +#include <linux/netlink.h>
> +#include <linux/skbuff.h>
> +#include <linux/fs.h>
> +#include <linux/list.h>
> +#include <linux/slab.h>
> +#include <linux/uaccess.h>
> +#include <linux/kobject.h>
> +#include <linux/sysfs.h>
> +
> +#include "udevns.h"
> +
> +#define DRIVER_AUTHOR "Michael J Coss <michael.coss@...atel-lucent.com>"
> +#define DRIVER_DESC   "new udev namespace bridge"
> +#define DEVICE_NAME   "udevns"
> +
> +#ifdef MODULE
> +#define UDEVNS_NAME (THIS_MODULE->name)
> +#else
> +#define UDEVNS_NAME "udevns"
> +#endif
> +
> +#define UDEVNS_INFO(fmt, args...)                                       \
> +	pr_info("[%s] " fmt, UDEVNS_NAME, ## args)
> +
> +#define UDEVNS_ERROR(fmt, args...)                                      \
> +	pr_err("[ERROR:%s:%s] " fmt, UDEVNS_NAME, __func__, ## args)
> +
> +#define UDEVNS_WARNING(fmt, args...)                                    \
> +	pr_warn("[WARNING:%s:%s] " fmt, UDEVNS_NAME, __func__, ## args)
> +
> +static struct genl_family udevns_genl_family = {
> +	.id      = GENL_ID_GENERATE,
> +	.name    = DEVICE_NAME,
> +	.hdrsize = 0,
> +	.version = UDEVNS_VERSION,
> +	.maxattr = UDEVNS_ATTR_MAX,
> +};
> +
> +static const struct nla_policy udevns_fmsgpolicy[UDEVNS_ATTR_MAX + 1] = {
> +	[UDEVNS_PID] = { .type = NLA_U32 },
> +	[UDEVNS_MSG] = { .type = NLA_STRING, .len =  UEVENT_BUFFER_SIZE},
> +};
> +
> +static int udevns_forwardmsg(struct sk_buff *skb, struct genl_info *info)
> +{
> +	pid_t pid;
> +	char *msg;
> +	int msglen;
> +	int err;
> +
> +	if (!info->attrs[UDEVNS_PID]) {
> +		UDEVNS_WARNING("missing PID from UDEVNS_FORWARD_MSG.\n");
> +		return -EINVAL;
> +	}
> +
> +	if (!info->attrs[UDEVNS_MSG]) {
> +		UDEVNS_WARNING("missing uevent from UDEVNS_FORWARD_MSG.\n");
> +		return -EINVAL;
> +	}
> +
> +	pid = nla_get_u32(info->attrs[UDEVNS_PID]);
> +	msg = nla_data(info->attrs[UDEVNS_MSG]);
> +	msglen = nla_len(info->attrs[UDEVNS_MSG]);
> +
> +	if (msglen < 0) {
> +		UDEVNS_ERROR("Malformed uevent from UDEVNS_FORWARD_MSG.\n");
> +		return -EINVAL;
> +	}
> +
> +	err = kobject_uevent_forward(msg, msglen, pid);
> +	return err;
> +}
> +
> +static struct genl_ops udevns_genl_ops[] = {
> +	{
> +		.cmd    = UDEVNS_FORWARD_MSG,
> +		.flags  = GENL_ADMIN_PERM,
> +		.doit   = udevns_forwardmsg,
> +		.policy = udevns_fmsgpolicy,
> +	},
> +};
> +
> +static int __init udevns_init(void)
> +{
> +	int rc;
> +
> +	UDEVNS_INFO("Starting udevns module\n");
> +	rc = genl_register_family_with_ops(&udevns_genl_family,
> +					   udevns_genl_ops);
> +	if (rc) {
> +		UDEVNS_ERROR("Failed to register netlink interface\n");
> +		return rc;
> +	}
> +	return 0;
> +}
> +
> +static void __exit udevns_exit(void)
> +{
> +	UDEVNS_INFO("Exiting udevns module\n");
> +	genl_unregister_family(&udevns_genl_family);
> +}
> +
> +module_init(udevns_init);
> +module_exit(udevns_exit);
> +
> +MODULE_LICENSE("GPL");
> +MODULE_DESCRIPTION(DRIVER_DESC);
> +MODULE_AUTHOR(DRIVER_AUTHOR);
> diff --git a/net/udevns/udevns.h b/net/udevns/udevns.h
> new file mode 100644
> index 0000000..f5702f5
> --- /dev/null
> +++ b/net/udevns/udevns.h
> @@ -0,0 +1,19 @@
> +#ifndef _UDEVNS_H_
> +#define _UDEVNS_H_
> +
> +enum udevns_msg_types {
> +	UDEVNS_FORWARD_MSG = 0x1,
> +	UDEVNS_CMD_MAX,
> +};
> +
> +enum udevns_attr {
> +	UDEVNS_UNSPEC,
> +	UDEVNS_PID,
> +	UDEVNS_MSG,
> +	__UDEVNS_ATTR_MAX,
> +};
> +
> +#define UDEVNS_ATTR_MAX (__UDEVNS_ATTR_MAX - 1)
> +#define UDEVNS_VERSION 0x1
> +
> +#endif
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ