lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120820190915.GA3727@1984>
Date:	Mon, 20 Aug 2012 21:09:15 +0200
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	netdev@...r.kernel.org
Cc:	davem@...emloft.net
Subject: Re: [PATCH 2/2] [RFC] netlink: fix possible spoofing from non-root
 processes

On Sun, Aug 19, 2012 at 11:23:27PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Aug 17, 2012 at 07:22:29PM +0200, pablo@...filter.org wrote:
> [...]
> > [ I don't know any FOSS program making use of Netlink to communicate
> >   to processes, please, let me know if I'm missing anyone important ]
> 
> Patrick pinged me for little reminder on NETLINK_USERSOCK. We still
> have to allow netlink-to-netlink userspace communication for it.
> 
> So, please find a new version of this patch that allows non-root
> processes for that Netlink bus. For others, my patch restricts to root
> processes the ability of sending messages with dst_pid != 0.

Sorry, I just noticed that you cannot apply this to your net tree
since it depends on patch 1/2 which is not a fix.

I'll get back to you with one path that you can apply to your net
tree.

I'll resend 1/2 later to net-next once this has been sorted out.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ