| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKD1Yr35Tvi03fpE14j0dk8DuhAWs6KRekd3DzOeq7Hf97CUJg@mail.gmail.com>
Date: Thu, 25 Aug 2016 00:03:02 +0900
From: Lorenzo Colitti <lorenzo@...gle.com>
To: David Ahern <dsa@...ulusnetworks.com>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Eric Dumazet <eric.dumazet@...il.com>,
David Miller <davem@...emloft.net>, Erik Kline <ek@...gle.com>
Subject: Re: [PATCH net-next v2 2/2] net: diag: allow socket bytecode filters
to match socket marks
On Wed, Aug 24, 2016 at 11:35 PM, David Ahern <dsa@...ulusnetworks.com> wrote:
> sock_diag_destroy already requires ADMIN for destroying sockets, so adding here just prevents listing them. Given that and the fact that the diag API does not pass the mark value is there a reason to add the extra ADMIN check?
Even though the API does not return the mark value, this code allows
the caller to find the mark of any socket simply by performing n=32
socket dumps, each filtering for a mark/mask of 1<<n/1<<n. Each such
dump will reveal bit n in the mark of all sockets in the system.
If you consider socket marks to be information that's private to the
app, then it's appropriate to restrict access to them to NET_ADMIN. I
thought it prudent to do so, particularly since only applications with
NET_ADMIN can set marks in the first place.
Note that a process with NET_ADMIN can already determine the mark of
any given socket (as long as that socket sends a packet) by installing
32 iptables rules that exactly match the socket's 5-tuple and where
each rule checks one bit in the mark. So this patch doesn't expose any
information that was not previously available.
Powered by blists - more mailing lists