netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Anton Blanchard <anton@samba.org>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: mjt@tls.msk.ru, davem@davemloft.net, casey@schaufler-ca.com,
	netdev@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem.
Date: Mon, 25 Jul 2011 22:20:10 +1000	[thread overview]
Message-ID: <20110725222010.0b284042@kryten> (raw)
In-Reply-To: <201107231939.FIF21882.QHOSOFtMFVLFOJ@I-love.SAKURA.ne.jp>


Hi,

> > (I noticed samba.org address in the Cc list).
> 
> That's because Anton Blanchard is author of sendmmsg() system call.

Ignore the From address - I wasn't adding sendmmsg with samba in mind.

> > When I saw recvmmsg()/sendmmsg() here, my first thought was an
> > authoritative DNS server which can read several requests at a
> > time and answer them all at once too - this way it all will go
> > to different addresses.
> 
> I don't know what application wants sendmmsg(). Since users can send
> up to UIO_MAXIOV (= 1024) "struct iovec" blocks using sendmsg(), they
> will use sendmsg() rather than sendmmsg() if the destination address
> are the same.

But if an application needs to maintain packet boundaries, then sendmsg
isn't going to help is it?
 
> Therefore, I guess users will use sendmmsg() for sending to multiple
> different destination addresses. If so, optimization based on
> destination address will do more harm than benefit; simply passing
> nosec flag down to LSM modules (so that SELinux will skip
> sock_has_perm() call and SMACK will not skip smack_netlabel_send()
> call) will be sufficient for 3.0.x stable release.
> 
> Anton, how do you want to use sendmmsg()?

I was using it for packet generation, using raw sockets.

Anton

  reply	other threads:[~2011-07-25 12:20 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <201107110304.p6B34422036886@www262.sakura.ne.jp>
     [not found] ` <201107191754.22391.paul.moore@hp.com>
     [not found]   ` <201107200142.p6K1gKYg077046@www262.sakura.ne.jp>
     [not found]     ` <201107211721.14511.paul.moore@hp.com>
2011-07-22 11:41       ` Question regarding sendmmsg() Tetsuo Handa
2011-07-22 12:27         ` Tetsuo Handa
2011-07-22 15:12           ` [PATCH] net: Fix security_socket_sendmsg() bypass problem Tetsuo Handa
2011-07-22 15:22             ` David Miller
2011-07-22 17:42               ` Tetsuo Handa
2011-07-22 18:31                 ` Tetsuo Handa
2011-07-23  5:20                   ` Tetsuo Handa
2011-07-23  7:04               ` Michael Tokarev
2011-07-23 10:39                 ` Tetsuo Handa
2011-07-25 12:20                   ` Anton Blanchard [this message]
2011-07-25 13:15                     ` Tetsuo Handa
2011-07-25 15:44                       ` Casey Schaufler
2011-07-25 16:43                         ` Tetsuo Handa
2011-07-25 17:00                           ` Casey Schaufler
2011-07-26  9:55                           ` Anton Blanchard
2011-07-26 11:21                             ` Tetsuo Handa
2011-07-26 13:58                               ` Eric Paris
2011-07-28  3:36                                 ` Tetsuo Handa
2011-08-02  6:07                                   ` David Miller
2011-08-02  9:28                                     ` Tetsuo Handa
2011-08-02 11:18                                       ` David Miller
2011-08-02 11:26                                         ` David Miller
2011-08-02 11:52                                           ` Tetsuo Handa
2011-08-02 12:01                                             ` David Miller
2011-08-02 13:11                                               ` Tetsuo Handa
2011-08-03  3:25                                                 ` Tetsuo Handa
2011-08-03  3:38                                                   ` David Miller
2011-08-03  3:47                                                     ` Anton Blanchard
2011-08-03 12:20                                                       ` Tetsuo Handa
2011-08-03 13:29                                                         ` Anton Blanchard
2011-08-03 13:37                                                           ` Eduard Sinelnikov
2011-08-03 21:50                                                           ` Tetsuo Handa
2011-08-04 12:56                                                             ` Anton Blanchard
2011-08-03 13:54                                                   ` Anton Blanchard
2011-07-26 20:30         ` Question regarding sendmmsg() Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110725222010.0b284042@kryten \
    --to=anton@samba.org \
    --cc=casey@schaufler-ca.com \
    --cc=davem@davemloft.net \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mjt@tls.msk.ru \
    --cc=netdev@vger.kernel.org \
    --cc=penguin-kernel@I-love.SAKURA.ne.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).