Date:   Fri, 31 Mar 2023 17:48:18 +0000
From:   Anjali Kulkarni <anjali.k.kulkarni@...cle.com>
To:     Jakub Kicinski <kuba@...nel.org>
CC:     "davem@...emloft.net" <davem@...emloft.net>,
        "edumazet@...gle.com" <edumazet@...gle.com>,
        "pabeni@...hat.com" <pabeni@...hat.com>,
        "zbr@...emap.net" <zbr@...emap.net>,
        "brauner@...nel.org" <brauner@...nel.org>,
        "johannes@...solutions.net" <johannes@...solutions.net>,
        "ecree.xilinx@...il.com" <ecree.xilinx@...il.com>,
        "leon@...nel.org" <leon@...nel.org>,
        "keescook@...omium.org" <keescook@...omium.org>,
        "socketcan@...tkopp.net" <socketcan@...tkopp.net>,
        "petrm@...dia.com" <petrm@...dia.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH v3 6/7] netlink: Add multicast group level permissions



> On Mar 31, 2023, at 10:24 AM, Jakub Kicinski <kuba@...nel.org> wrote:
> 
> On Fri, 31 Mar 2023 17:00:27 +0000 Anjali Kulkarni wrote:
>>> Is there a reason this is better than implementing .bind
>>> in the connector family and filtering there?  
>> 
>> Are you suggesting adding something like a new struct proto_ops for
>> the connector family? I have not looked into that, though that would
>> seem like a lot of work, and also I have not seen any infrastructure
>> to call into protocol specific bind from netlink bind?
> 
> Where you're adding a release callback in patch 2 - there's a bind
> callback already three lines above. What am I missing?
Ah yes, that one is actually meant to be used for adding (bind) and deleting (unbind) multicast group memberships. So it is also called from setsockopt() - so I think just checking for root access permission changes the semantics of what it is meant to be used for? Besides, we would need to change some of that ordering there (check for permissions & netlink_bind call) and changing it for all users of netlink might not be a good idea…?

Anjali
