| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Mar 2017 21:06:47 +0900
From: Lorenzo Colitti <lorenzo@...gle.com>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc: Chenbo Feng <chenbofeng.kernel@...il.com>,
Network Development <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Alexei Starovoitov <ast@...com>,
Daniel Borkmann <daniel@...earbox.net>,
Willem de Bruijn <willemb@...gle.com>,
Chenbo Feng <fengc@...gle.com>
Subject: Re: [PATCH net-next v7 2/3] Add a eBPF helper function to retrieve
socket uid
On Wed, Mar 22, 2017 at 8:09 PM, Willem de Bruijn
<willemdebruijn.kernel@...il.com> wrote:
>> + if (!sk || !sk_fullsock(sk))
>> + return overflowuid;
>> + kuid = sock_net_uid(sock_net(sk), sk);
>> + return from_kuid_munged(&init_user_ns, kuid);
>
> Ideally, this would be the user namespace relative to the BPF program.
What about sock_net(sk)->user_ns? We've already matched a socket, and
it's guaranteed to be a full socket and non-NULL (otherwise we've
already returned overflowuid), so it seems like the most correct
namespace to use is the one of the socket we've matched. Given that sk
is non-NULL, sock_net_uid just returns sk->sk_uid, so I think you can
just write this as:
if (!sk || !sk_fullsock(sk))
return overflowuid;
return from_kuid_munged(sock_net(sk)->user_ns, sk->uid);
Powered by blists - more mailing lists