| To: | Pablo Neira <pablo@xxxxxxxxxxx> |
|---|---|
| Subject: | Re: [RFC][PATCH 2/3] netlink check sender, audit |
| From: | Pablo Neira <pablo@xxxxxxxxxxx> |
| Date: | Sat, 12 Feb 2005 22:41:14 +0100 |
| Cc: | Chris Wright <chrisw@xxxxxxxx>, netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, jmorris@xxxxxxxxxx, sds@xxxxxxxxxxxxxx, serue@xxxxxxxxxx |
| In-reply-to: | <420E334B.8060805@xxxxxxxxxxx> |
| References: | <20050212010109.V24171@xxxxxxxxxxxxxxxxxx> <20050212010243.W24171@xxxxxxxxxxxxxxxxxx> <20050212010504.X24171@xxxxxxxxxxxxxxxxxx> <420E334B.8060805@xxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5 |
Pablo Neira wrote:

I also see another option which is passing as a parameter such a function which checks for capabilities/audit stuff to my netlink_process_skb function, calling it before process_msg.

But in that case, the packet sent by a sender that doesn't have the right to was already enqueued. I understand that this is exactly what you are trying to avoid.

With your patch, a message from a user space process that doesn't have the capabilities follows this path:

sys_sendmsg() -> netlink_sendmsg() -> netlink_unicast() -> netlink_sendskb() = discarded here.

Currently, it continues, for example in case of rtnetlink:

... -> netlink_sendskb() -> sk_data_ready(sk, len) -> rtnetlink_rcv() -> rtnetlink_rcv_skb() -> rtnetlink_rcv_msg() = discarded here.

Nowadays the message is enqueued but it's discarded later. So if I'm not missing anything, I don't see the point of adding a new function to check for capabilities/audit stuff just a bit before.

--
Pablo