| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Apr 2010 17:18:44 -0700 (PDT) From: David Miller <davem@...emloft.net> To: danms@...ibm.com Cc: containers@...ts.osdl.org, netdev@...r.kernel.org Subject: Re: [PATCH 2/4] [RFC] Add sock_create_kern_net() From: Dan Smith <danms@...ibm.com> Date: Fri, 23 Apr 2010 07:55:37 -0700 > This helper allows kernel routines to create a socket in a given netns, > instead of forcing it to the initial or current one. > > I know this seems like it's violating the netns boundary. The intended > use (as in the following patches) is specifically when talking to RTNETLINK > in another netns for the purposes of creating or examining resources there. > It is expected that this will be used for that sort of transient socket > creation only. In other words: If you can create netlink sockets in a remote NS you can also make changes there, and the whole point is to disallow changes. So maybe you won't be making changes, but others will think about using this and doing so. At a high level, I think this is a really bad idea, so I won't be applying this, sorry. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists