Re: [RFC][PATCH 2/3] netlink check sender, audit

netdev

Re: [RFC][PATCH 2/3] netlink check sender, audit

To:	Pablo Neira <pablo@xxxxxxxxxxx>
Subject:	Re: [RFC][PATCH 2/3] netlink check sender, audit
From:	Chris Wright <chrisw@xxxxxxxx>
Date:	Mon, 14 Feb 2005 19:47:08 -0800
Cc:	Chris Wright <chrisw@xxxxxxxx>, netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, jmorris@xxxxxxxxxx, sds@xxxxxxxxxxxxxx, serue@xxxxxxxxxx
In-reply-to:	<42115E7E.6050909@eurodev.net>
References:	<20050212010109.V24171@build.pdx.osdl.net> <20050212010243.W24171@build.pdx.osdl.net> <20050212010504.X24171@build.pdx.osdl.net> <420E334B.8060805@eurodev.net> <420E77FA.6080007@eurodev.net> <20050215001334.GB27645@shell0.pdx.osdl.net> <42115E7E.6050909@eurodev.net>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6i

* Pablo Neira (pablo@xxxxxxxxxxx) wrote:
> Thanks for the explanation. I don't still like so much the new 
> netlink_kernel_create_check function. I think that we could get more 
> variations of netlink_kernel_create in future just to add another 
> feature/checking. So I prefer new function (netlink_kernel_set_check) 

I agree, had the same concern.  I breifly considered an ops struct that
could be passed in during registration so that it could grow a little
easier.

> that set check_sender if it's needed once the netlink socket is created. 
> I've modified your patches to use this function.

Great, thanks.  This is technically racy.  It's possible (albeit small
window) that something could be delivered before this is set.  Using a
callback struct during registration would fix this.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[RFC][PATCH 0/3] netlink check sender, Chris Wright [RFC][PATCH 1/3] netlink check sender, Chris Wright [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright [RFC][PATCH 3/3] netlink check sender, rtnetlink, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Stephen Smalley Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright <= Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, James Morris Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright Re: [RFC][PATCH 1/3] netlink check sender, Stephen Smalley Re: [RFC][PATCH 1/3] netlink check sender, Stephen Smalley Re: [RFC][PATCH 1/3] netlink check sender, Chris Wright Re: [RFC][PATCH 1/3] netlink check sender, Chris Wright

Previous by Date:	Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira
Next by Date:	Re: [PATCH] natsemi: long cable, short cable, Gary Spiess
Previous by Thread:	Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira
Next by Thread:	Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira
Indexes:	[Date] [Thread] [Top] [All Lists]