Message-ID: <m1hbl7hxo3.fsf@fess.ebiederm.org>
Date:	Sun, 13 Jun 2010 06:25:32 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	David Miller <davem@...emloft.net>
Cc:	Serge Hallyn <serue@...ibm.com>,
	Linux Containers <containers@...ts.osdl.org>,
	Daniel Lezcano <daniel.lezcano@...e.fr>,
	<netdev@...r.kernel.org>, Pavel Emelyanov <xemul@...allels.com>
Subject: [PATCH 0/8] Support unix domain sockets across namespaces


This patchset takes a stab at addressing all of the issues that crop up with
unix domain sockets when the senders and receivers are in separate
namespaces.

Without this patchset we can report the wrong pid and uid
values in our unix domain credentials.

Finally, this patchset removes the now unnecessary restriction
that we only allow unix domain sockets between processes in the
same network namespace.

Eric W. Biederman (8):
      scm: Reorder scm_cookie.
      user_ns: Introduce user_nsmap_uid and user_ns_map_gid.
      sock: Introduce cred_to_ucred
      af_unix: Allow SO_PEERCRED to work across namespaces.
      af_netlink: Add needed scm_destroy after scm_send.
      scm: Capture the full credentials of the scm sender.
      af_unix: Allow credentials to work across user and pid namespaces.
      af_unix: Allow connecting to sockets in other network namespaces.

---
 include/linux/socket.h         |    5 ++
 include/linux/user_namespace.h |   14 ++++++
 include/net/af_unix.h          |    4 +-
 include/net/scm.h              |   30 ++++++++++--
 include/net/sock.h             |    3 +-
 kernel/user_namespace.c        |   44 ++++++++++++++++++
 net/core/scm.c                 |   24 ++++++++++
 net/core/sock.c                |   32 +++++++++++---
 net/netlink/af_netlink.c       |   11 +++-
 net/unix/af_unix.c             |   97 +++++++++++++++++++++++++---------------
 10 files changed, 211 insertions(+), 53 deletions(-)
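
The following is an added example, not part of the original message or of the patch series. It reads the two kinds of unix domain credentials the cover letter refers to, SO_PEERCRED (recorded at connection time) and SCM_CREDENTIALS (attached per message), in the same-namespace case where both must match the caller's own pid and uid. The function names are hypothetical, and it assumes Linux with glibc.

```c
#define _GNU_SOURCE            /* exposes struct ucred on glibc */
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Credentials recorded when the socket pair was created or connected. */
int peer_cred(int fd, struct ucred *out)
{
    socklen_t len = sizeof(*out);
    return getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len);
}

/* Credentials attached to one message; SO_PASSCRED must already be set on fd. */
int recv_scm_cred(int fd, struct ucred *out)
{
    char byte;
    union { char buf[CMSG_SPACE(sizeof(struct ucred))]; struct cmsghdr align; } ctl;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    if (recvmsg(fd, &msg, 0) != 1)
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS) {
            memcpy(out, CMSG_DATA(c), sizeof(*out));
            return 0;
        }
    return -1;   /* no credentials arrived: treat the sender as unauthenticated */
}

/* Constructed scenario: both ends live in this process, so both paths must
 * report this process. Returns 0 on match, 1 on mismatch, -1 on error. */
int check_same_namespace(void)
{
    int sv[2], on = 1, rc = -1;
    struct ucred peer, scm;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    /* The receiver opts in before the send so the kernel attaches credentials. */
    if (setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) == 0 &&
        write(sv[0], "x", 1) == 1 &&
        peer_cred(sv[1], &peer) == 0 && recv_scm_cred(sv[1], &scm) == 0)
        rc = !(peer.pid == getpid() && peer.uid == geteuid() &&
               scm.pid == getpid() && scm.uid == getuid());
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void) { return check_same_namespace() == 0 ? 0 : 1; }
```

A service that authorizes peers on these values depends on the kernel reporting them relative to the receiver's own pid and user namespaces, which is the case the cover letter says was reported wrongly when sender and receiver sit in different namespaces.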