Hi:
The recent thread on NLMSG_OK has reminded me about an old problem
with NETLINK.

The problem is that any user on the system can launch a DoS attack on
any NETLINK application by flooding its NETLINK address with packets.
This will easily fill up the receive queue of the destination
application and therefore cause legitimate packets from the kernel
or elsewhere to be dropped.

The solution seems simple. We already have a connect(2) call for
NETLINK sockets. So why don't we check the connected address of
the destination socket against the address of the sender before
putting the packet on the queue?

Any comments before I go ahead and code it?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志俊 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
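As an added illustration (not code from the post, and not kernel code), the matching receiver-side check an application can do in user space today: connect the netlink socket to the kernel (nl_pid 0) and discard any datagram whose kernel-reported source address is not that peer. Function names are hypothetical; this complements rather than replaces the kernel-side check proposed above, since a flood can still fill the receive queue before the application drains it.

```c
#include <linux/netlink.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Accept a datagram only if the address the kernel reported for it
 * matches the peer we expect (nl_pid 0 is the kernel). Do not trust
 * nlmsg_pid in the message header: the sender fills that in. */
int nl_from_expected_peer(const struct sockaddr_nl *from,
                          socklen_t fromlen, __u32 expected_pid)
{
    if (fromlen < sizeof(*from) || from->nl_family != AF_NETLINK)
        return 0;
    return from->nl_pid == expected_pid;
}

/* Open an rtnetlink socket and connect(2) it to the kernel, so
 * sends go to nl_pid 0 and the peer we check against is fixed. */
int nl_open_connected_to_kernel(void)
{
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&kernel, sizeof(kernel)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receive one datagram; return its length, 0 if it was dropped for
 * coming from the wrong peer, or -1 on error. */
ssize_t nl_recv_checked(int fd, void *buf, size_t len, __u32 expected_pid)
{
    struct sockaddr_nl from;
    socklen_t fromlen = sizeof(from);
    ssize_t n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &fromlen);
    if (n < 0)
        return -1;
    return nl_from_expected_peer(&from, fromlen, expected_pid) ? n : 0;
}

/* Self-test on constructed addresses: returns 1 if the check behaves. */
int nl_peer_check_selftest(void)
{
    struct sockaddr_nl kern = { .nl_family = AF_NETLINK, .nl_pid = 0 };
    struct sockaddr_nl user = { .nl_family = AF_NETLINK, .nl_pid = 4242 };
    struct sockaddr_nl inet = { .nl_family = AF_INET, .nl_pid = 0 };
    return nl_from_expected_peer(&kern, sizeof(kern), 0) == 1
        && nl_from_expected_peer(&user, sizeof(user), 0) == 0
        && nl_from_expected_peer(&inet, sizeof(inet), 0) == 0
        && nl_from_expected_peer(&kern, sizeof(kern) - 1, 0) == 0;
}
```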