| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52156B23.7050208@cn.fujitsu.com> Date: Thu, 22 Aug 2013 09:36:35 +0800 From: Gao feng <gaofeng@...fujitsu.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> CC: netdev@...r.kernel.org, systemd-devel@...ts.freedesktop.org, lxc-devel@...ts.sourceforge.net, davem@...emloft.net, Linux Containers <containers@...ts.linux-foundation.org>, "libvir-list@...hat.com" <libvir-list@...hat.com> Subject: Re: [PATCH] netns: unix: only allow to find out unix socket in same net namespace On 08/21/2013 06:42 PM, Eric W. Biederman wrote: > Gao feng <gaofeng@...fujitsu.com> writes: > >> right now I only take note of the unix socket /run/systemd/private, >> but there may have many similar unix sockets, they can exist in any >> path. the strange problems will still happen. > > It could just as easily have been a fifo in the filesystem, and the > result would have been the same. > > The network namespace are all about communicating between network > namespaces and that is what was allowed here. > > If you don't want a socket or a fifo or any other file to be used by a > container don't give it access to it. It really is that simple. > Hmm, I tend to think you are right... Thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists