Open Source and information security mailing list archives
Message-ID: <CAF=yD-+D5oHcU3qq4nDDWE1Bt4k2Vv9Ekf=FoKMdrc0F5dGS_Q@mail.gmail.com>
Date:   Wed, 22 Mar 2017 11:09:38 +0000
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Chenbo Feng <chenbofeng.kernel@...il.com>
Cc:     Network Development <netdev@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Alexei Starovoitov <ast@...com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Lorenzo Colitti <lorenzo@...gle.com>,
        Willem de Bruijn <willemb@...gle.com>,
        Chenbo Feng <fengc@...gle.com>
Subject: Re: [PATCH net-next v7 2/3] Add a eBPF helper function to retrieve socket uid

> +BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb)
> +{
> +       struct sock *sk = sk_to_full_sk(skb->sk);
> +       kuid_t kuid;
> +
> +       if (!sk || !sk_fullsock(sk))
> +               return overflowuid;
> +       kuid = sock_net_uid(sock_net(sk), sk);
> +       return from_kuid_munged(&init_user_ns, kuid);
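Review bot: the hard-coded `&init_user_ns` in `return from_kuid_munged(&init_user_ns, kuid);` fixes the helper's result to the initial user namespace, and once the helper ships that becomes uapi that cannot be changed to a per-program namespace later. If namespace-aware resolution is out of scope for this series, the helper's description should at least state that the returned uid is relative to init_user_ns, and that both the early `return overflowuid;` path (no socket or non-full socket) and an unmapped kuid inside `from_kuid_munged()` yield the same overflowuid value, so a BPF program cannot tell the two cases apart.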

Ideally, this would be the user namespace relative to the BPF program.

With no such association stored, using init_user_ns is fine. But if we
define it as such now, we cannot change it to resolve userns later.

We could associate a BPF program with the userns of the process that
loads the program. And expose bpf_prog state to external functions,
for instance through a percpu local variable.

Also, unconditionally using init_user_ns will allow a process
sandboxed in a user namespace to learn its uid in the initns. If the
initns is not its parentns, this may be a new capability.
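To make the namespace concern concrete, here is an added user-space model of the kernel's kuid-to-namespace uid translation (the `uid_map` range lookup and the overflowuid fallback of `from_kuid_munged()`), together with a stand-in for the helper that takes the namespace to resolve against as a parameter. This is example code written for this archive page, not code from the patch or from the reply; `UserNs`, `get_socket_uid()` and the sandbox mapping `0..999 -> 100000..100999` are constructed for illustration. It shows that resolving against the init namespace returns the socket owner's init-ns uid even when the program runs in a sandboxed user namespace, while resolving against the sandbox's own namespace returns the mapped value or overflowuid.

```python
# Added example (not from the patch or the reply): a user-space model of the
# kernel's kuid -> namespace-relative uid mapping. Names are simplified stand-ins
# for the kernel's uid_map / from_kuid_munged() logic, not the real API.
from dataclasses import dataclass, field
from typing import Optional

OVERFLOWUID = 65534  # kernel default for unmapped ids (/proc/sys/kernel/overflowuid)


@dataclass
class UserNs:
    """A user namespace with a uid_map of (first_in_ns, first_in_parent, count) ranges."""
    name: str
    parent: Optional["UserNs"] = None
    uid_map: list = field(default_factory=list)

    def from_kuid(self, kuid: int) -> Optional[int]:
        """Translate a kernel-internal uid (defined relative to init_user_ns) into
        this namespace's view, or None if no uid_map range covers it. The model
        walks up to the root and translates down one level at a time."""
        if self.parent is None:
            return kuid  # init_user_ns: the kuid value is the uid
        parent_uid = self.parent.from_kuid(kuid)
        if parent_uid is None:
            return None
        for first_ns, first_parent, count in self.uid_map:
            if first_parent <= parent_uid < first_parent + count:
                return first_ns + (parent_uid - first_parent)
        return None

    def from_kuid_munged(self, kuid: int) -> int:
        """Like from_kuid, but substitutes overflowuid for an unmapped id."""
        uid = self.from_kuid(kuid)
        return OVERFLOWUID if uid is None else uid


def get_socket_uid(sock_kuid: Optional[int], resolve_in: UserNs) -> int:
    """Model of the helper: a missing (or non-full) socket yields overflowuid,
    otherwise the socket owner's kuid is translated into `resolve_in`.
    Unlike the patch, the namespace is a parameter rather than init_user_ns."""
    if sock_kuid is None:
        return OVERFLOWUID
    return resolve_in.from_kuid_munged(sock_kuid)


def demo() -> dict:
    init_ns = UserNs("init_user_ns")
    # constructed: a sandbox maps its uids 0..999 onto init-ns uids 100000..100999
    sandbox = UserNs("sandbox", parent=init_ns, uid_map=[(0, 100000, 1000)])
    sock_kuid = 100042  # constructed: socket owned by init-ns uid 100042 (sandbox uid 42)

    return {
        # resolving in init_user_ns reveals the init-ns uid to a sandboxed program
        "in_init_ns": get_socket_uid(sock_kuid, init_ns),
        # resolving in the program's own namespace returns the mapped uid
        "in_sandbox": get_socket_uid(sock_kuid, sandbox),
        # an init-ns uid the sandbox does not map collapses to overflowuid
        "unmapped_in_sandbox": get_socket_uid(1000, sandbox),
        # so does the no-socket case: the two are indistinguishable to the caller
        "no_socket": get_socket_uid(None, sandbox),
    }


if __name__ == "__main__":
    for case, uid in demo().items():
        print(f"{case}: {uid}")
```

The model keeps nested namespaces explicit (each level's map is expressed in its parent's uids) so the same lookup works for a sandbox inside a sandbox; the kernel stores the lower end of each range already converted to kuids and does a single lookup, which gives the same results.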
