Re: [Security] [PATCH 2/2] taskstats: restrict access to user

[Alexey Dobriyan]

On Mon, Sep 19, 2011 at 10:45:20AM -0700, Linus Torvalds wrote:
> On Mon, Sep 19, 2011 at 10:39 AM, Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:
> >
> > Shouldn't it simply protect taskstats_user_cmd()?  You may still poll
> > the counters with TASKSTATS_CMD_ATTR_PID/TASKSTATS_CMD_ATTR_TGID.
> 
> Yeah, I wondered where I'd really want to hook it in, that was the
> other option.
> 
> However, one thing that I'm currently independently asking some
> networking people is whether that patch guarantees anything at all: is
> the netlink command even guaranteed to be run in the same context as
> the person sending it?
> 
> After all, it comes in as a packet of data.  How synchronous is the
> genetlink thing guaranteed to be in the first place?
> 
> IOW, are *any* of those "check current capabilities/euid" approaches
> really guaranteed to be valid? Are they valid today, will they
> necessarily be valid in a year?

Netlink was made syncronous by commit cd40b7d3983c708aabe3d3008ec64ffce56d33b0
"[NET]: make netlink user -> kernel interface synchronious".
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/