Message-ID: <m1hbl7hxo3.fsf@fess.ebiederm.org>
Date: Sun, 13 Jun 2010 06:25:32 -0700
From: ebiederm@...ssion.com (Eric W. Biederman)
To: David Miller <davem@...emloft.net>
Cc: Serge Hallyn <serue@...ibm.com>,
    Linux Containers <containers@...ts.osdl.org>,
    Daniel Lezcano <daniel.lezcano@...e.fr>,
    <netdev@...r.kernel.org>,
    Pavel Emelyanov <xemul@...allels.com>
Subject: [PATCH 0/8] Support unix domain sockets across namespaces

This patchset takes a addressing all of the issues that crop up with
unix domain sockets when the senders and receivers are in separate
namespaces.

Without this patchset we can report the wrong pid and uid values in our
unix domain credentials.

As a finally this patchset removes the now unnecessary restriction that
we only allow unix domain sockets between processes in the same network
namespace.

Eric W. Biederman (8):
      scm: Reorder scm_cookie.
      user_ns: Introduce user_nsmap_uid and user_ns_map_gid.
      sock: Introduce cred_to_ucred
      af_unix: Allow SO_PEERCRED to work across namespaces.
      af_netlink: Add needed scm_destroy after scm_send.
      scm: Capture the full credentials of the scm sender.
      af_unix: Allow credentials to work across user and pid namespaces.
      af_unix: Allow connecting to sockets in other network namespaces.

---
 include/linux/socket.h         |    5 ++
 include/linux/user_namespace.h |   14 ++++++
 include/net/af_unix.h          |    4 +-
 include/net/scm.h              |   30 ++++++++++--
 include/net/sock.h             |    3 +-
 kernel/user_namespace.c        |   44 ++++++++++++++++++
 net/core/scm.c                 |   24 ++++++++++
 net/core/sock.c                |   32 +++++++++++---
 net/netlink/af_netlink.c       |   11 +++-
 net/unix/af_unix.c             |   97 +++++++++++++++++++++++++---------------
 10 files changed, 211 insertions(+), 53 deletions(-)