Re: [RFC][PATCH 2/3] netlink check sender, audit

To:	Chris Wright <chrisw@xxxxxxxx>
Subject:	Re: [RFC][PATCH 2/3] netlink check sender, audit
From:	Pablo Neira <pablo@xxxxxxxxxxx>
Date:	Sat, 12 Feb 2005 17:48:11 +0100
Cc:	netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, jmorris@xxxxxxxxxx, sds@xxxxxxxxxxxxxx, serue@xxxxxxxxxx
In-reply-to:	<20050212010504.X24171@build.pdx.osdl.net>
References:	<20050212010109.V24171@build.pdx.osdl.net> <20050212010243.W24171@build.pdx.osdl.net> <20050212010504.X24171@build.pdx.osdl.net>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5

Chris Wright wrote:

Add audit_check_sender() function for audit netlink messages.  This can also
be used to set the loginuid, although I left that off for the moment.

===== kernel/audit.c 1.9 vs edited =====
--- 1.9/kernel/audit.c  2005-01-30 22:33:47 -08:00
+++ edited/kernel/audit.c       2005-02-11 22:25:33 -08:00
@@ -309,27 +309,36 @@ nlmsg_failure:                    /* Used by NLMSG_PUT */
 * Check for appropriate CAP_AUDIT_ capabilities on incoming audit
 * control messages.
 */
-static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
+static int audit_check_sender(struct sk_buff *skb)
{
-       int err = 0;
+       struct nlmsghdr *nlh;
+       u16 msg_type;
+       int err = -EINVAL;

+ if (skb->len < NLMSG_LENGTH(0)) + goto out; + + nlh = (struct nlmsghdr *)skb->data; + msg_type = nlh->nlmsg_type;

You're introducing some kind of check for malformed packets here as well, don't you think that such thing should be done by the receiver ?

I also see another option which is passing as parameter such function which check for capabilities/audit stuff to my netlink_process_skb function, calling it before process_msg. But in that case, the packet sent by a sender that doesn't has the right to was already enqueued. I understand that this is exactly what you are trying to avoid.

--
Pablo

<Prev in Thread]	Current Thread	[Next in Thread>
[RFC][PATCH 0/3] netlink check sender, Chris Wright [RFC][PATCH 1/3] netlink check sender, Chris Wright [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright [RFC][PATCH 3/3] netlink check sender, rtnetlink, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira <= Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Stephen Smalley Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira Re: [RFC][PATCH 2/3] netlink check sender, audit, Chris Wright

Previous by Date:	Re: 2.6.10 TCP troubles -- suggested patch, Alexey Kuznetsov
Next by Date:	the remaining purpose of cmsg_nxthdr(), Olaf Hering
Previous by Thread:	[RFC][PATCH 3/3] netlink check sender, rtnetlink, Chris Wright
Next by Thread:	Re: [RFC][PATCH 2/3] netlink check sender, audit, Pablo Neira
Indexes:	[Date] [Thread] [Top] [All Lists]