lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C16309B.3010908@free.fr> Date: Mon, 14 Jun 2010 15:37:31 +0200 From: Daniel Lezcano <daniel.lezcano@...e.fr> To: "Eric W. Biederman" <ebiederm@...ssion.com> CC: David Miller <davem@...emloft.net>, Serge Hallyn <serue@...ibm.com>, Linux Containers <containers@...ts.osdl.org>, netdev@...r.kernel.org, Pavel Emelyanov <xemul@...allels.com> Subject: Re: [PATCH 8/8] af_unix: Allow connecting to sockets in other network namespaces. On 06/13/2010 03:35 PM, Eric W. Biederman wrote: > Remove the restriction that only allows connecting to a unix domain > socket identified by unix path that is in the same network namespace. > > Crossing network namespaces is always tricky and we did not support > this at first, because of a strict policy of don't mix the namespaces. > Later after Pavel proposed this we did not support this because no one > had performed the audit to make certain using unix domain sockets > across namespaces is safe. > > What fundamentally makes connecting to af_unix sockets in other > namespaces is safe is that you have to have the proper permissions on > the unix domain socket inode that lives in the filesystem. If you > want strict isolation you just don't create inodes where unfriendlys > can get at them, or with permissions that allow unfriendlys to open > them. All nicely handled for us by the mount namespace and other > standard file system facilities. > > I looked through unix domain sockets and they are a very controlled > environment so none of the work that goes on in dev_forward_skb to > make crossing namespaces safe appears needed, we are not loosing > controll of the skb and so do not need to set up the skb to look like > it is comming in fresh from the outside world. Further the fields in > struct unix_skb_parms should not have any problems crossing network > namespaces. > > Now that we handle SCM_CREDENTIALS in a way that gives useable values > across namespaces. There does not appear to be any operational > problems with encouraging the use of unix domain sockets across > containers either. > > Signed-off-by: Eric W. Biederman<ebiederm@...ssion.com> > Acked-by: Daniel Lezcano <daniel.lezcano@...e.fr> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists