lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 8 Jan 2009 07:27:15 +0300
From:	Evgeniy Polyakov <zbr@...emap.net>
To:	Michael Stone <michael@...top.org>
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH] Security: Implement and document RLIMIT_NETWORK.

On Wed, Jan 07, 2009 at 07:56:21PM -0500, Michael Stone (michael@...top.org) wrote:
> On Thu, Jan 08, 2009 at 12:59:36AM +0300, Evgeniy Polyakov wrote:
> >I meant that connected or accepted socket will not be able to send data
> >via send() call, but will be able to receive data using recv().
> 
> A key fact which may not have stood out, since I didn't comment on it
> explicitly in the code, is that the disqualification tests inserted by
> the __sock_sendmsg() and unix_dgram_sendmsg hunks contain additional
> conditions like
> 
> __sock_sendmsg():
> +               && (msg->msg_name != NULL || msg->msg_namelen != 0))
> 
> unix_dgram_sendmsg():
> +                       && !sunaddr->sun_path[0])
> 
> which return us to the usual codepaths whenever we're dealing with an
> already-connected socket. Since my tests pass, can you post an example
> of a failing send() call which you think should work?

You are right, I misread the documentation part where it is explained
that already connected sockets are allowed to operate. Btw that code
part breaks codying style with trailing '\' and '&&' on the new line.
There should be something wrong in the patch :)

> >Your patch adds a rlimit check into __sock_sendmsg() call, which is
> >invoked via usual send() path, but sendfile() and splice() are still
> >exectuted without this check and thus will be able to send data after
> >rlimit applied.
> 
> As far as I can tell, sendfile() and splice(), which operate solely on
> fds, cannot be used to send messages via a disconnected socket.
> Therefore, I /believe/ that they require no modification. Am I terribly
> mistaken about this?

No you are not, as long as user is allowed to operate with already
connected and/or bound sockets there should be no problems.

-- 
	Evgeniy Polyakov
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ