From: Willy Tarreau <w@1wt.eu>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Andy Lutomirski <luto@amacapital.net>,
"Jorge Boncompte [DTI2]" <jorge@dti2.net>,
Jiri Benc <jbenc@redhat.com>, David Miller <davem@davemloft.net>,
Vivek Goyal <vgoyal@redhat.com>, Simo Sorce <ssorce@redhat.com>,
"security@kernel.org" <security@kernel.org>,
Network Development <netdev@vger.kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Michael Kerrisk-manpages <mtk.manpages@gmail.com>
Subject: Re: [RFC][PATCH] netlink: Only check file credentials for implicit destinations
Date: Mon, 26 May 2014 15:39:07 +0200 [thread overview]
Message-ID: <20140526133907.GD13929@1wt.eu> (raw)
In-Reply-To: <CA+55aFwsomt04G8MTJBU2YEn4XLuRw14C4yU1b2sWDmk5HWrcw@mail.gmail.com>
On Sun, May 25, 2014 at 05:32:55PM -0700, Linus Torvalds wrote:
> On Sun, May 25, 2014 at 4:44 PM, Eric W. Biederman
> <ebiederm@xmission.com> wrote:
> >
> > But I agree that since connect on sockets is really the equivalent of
> > open on files, and unprivileged users can change where a socket is
> > connected to, using a struct cred captured at connect() time is better
> > than the struct cred captured at socket() time.
>
> Ack. Conceptually, "connect/listen" really ends up being the
> equivalent to pathname lookup, not so much "socket()", which just
> mostly creates the placeholder for future work.
>
> That would also be very much consistent with making "sendto" look at
> current creds rather than cached creds (but only _if_ it has an
> address, of course - using "sendto(... , NULL, 0)" should _not_
> somehow be different from "send()"). So I think that from a
> sensibility and "please explain the semantics to me" standpoint, that
> would be sane semantics.
I like this! And it's very much consistent with sendto() being used
as an alternative to connect() with TCP Fastopen.
Willy
next prev parent reply other threads:[~2014-05-26 13:40 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CALCETrUaYhh6Dkzn0TMEUz-GEO9-6ObByk5d_xRViSMBbp5Pkg@mail.gmail.com>
[not found] ` <cover.1397840611.git.luto@amacapital.net>
[not found] ` <6daf425e2023266d52d181e4d2ee18747d4f1fa8.1397840611.git.luto@amacapital.net>
[not found] ` <87tx9nuxf6.fsf@x220.int.ebiederm.org>
[not found] ` <CALCETrUqNVRBse4rUeUKfgYt0d+9x1JrEHGcZ_DnWyq7W6Yyzw@mail.gmail.com>
[not found] ` <87r44qtabz.fsf@x220.int.ebiederm.org>
[not found] ` <CALCETrWzUQ7QjykT85ExDfX-+9eDD-D-dcxofUMPvLK=ia9arg@mail.gmail.com>
[not found] ` <87r44qrt8v.fsf_-_@x220.int.ebiederm.org>
2014-04-22 21:13 ` [PATCH 0/6]: Preventing abuse when passing file descriptors Eric W. Biederman
2014-04-22 21:14 ` [PATCH 1/6] netlink: Rename netlink_capable netlink_allowed Eric W. Biederman
2014-04-22 21:15 ` [PATCH 2/6] net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump Eric W. Biederman
2014-04-22 21:15 ` [PATCH 3/6] net: Fix ns_capable check in packet_diag_dump Eric W. Biederman
2014-04-22 21:16 ` [PATCH 4/6] net: Add variants of capable for use on on sockets Eric W. Biederman
2014-04-22 21:16 ` [PATCH 5/6] net: Add variants of capable for use on netlink messages Eric W. Biederman
2014-04-22 21:17 ` [PATCH 6/6] net: Use netlink_ns_capable to verify the permisions of " Eric W. Biederman
2014-04-23 19:32 ` [PATCH 0/6]: Preventing abuse when passing file descriptors David Miller
2014-04-23 21:24 ` [PATCH 0/5]: " Eric W. Biederman
2014-04-23 21:25 ` [PATCH 1/5] netlink: Rename netlink_capable netlink_allowed Eric W. Biederman
2014-04-23 21:26 ` [PATCH 2/5] net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump Eric W. Biederman
2014-04-23 21:26 ` [PATCH 3/5] net: Add variants of capable for use on on sockets Eric W. Biederman
2014-04-23 21:28 ` [PATCH 4/5] net: Add variants of capable for use on netlink messages Eric W. Biederman
2014-04-23 21:29 ` [PATCH 5/5] net: Use netlink_ns_capable to verify the permisions of " Eric W. Biederman
2014-05-07 22:18 ` Jorge Boncompte [DTI2]
2014-05-07 22:26 ` Andy Lutomirski
2014-05-07 22:52 ` David Miller
2014-05-07 23:01 ` Andy Lutomirski
2014-05-07 23:34 ` Linus Torvalds
2014-05-07 23:45 ` Andy Lutomirski
2014-05-22 15:05 ` Jiri Benc
2014-05-23 23:25 ` Eric W. Biederman
2014-05-23 23:51 ` Linus Torvalds
2014-05-24 22:34 ` David Miller
2014-05-25 5:38 ` [RFC][PATCH] netlink: Only check file credentials for implicit destinations Eric W. Biederman
2014-05-25 16:50 ` Andy Lutomirski
2014-05-25 23:44 ` Eric W. Biederman
2014-05-26 0:32 ` Linus Torvalds
2014-05-26 5:36 ` [RFC][PATCH 2/1] netlink: Use the credential at the time the destination address was set Eric W. Biederman
2014-05-26 17:19 ` Andy Lutomirski
2014-05-27 4:24 ` Eric W. Biederman
2014-05-26 13:39 ` Willy Tarreau [this message]
2014-05-26 8:38 ` [RFC][PATCH] netlink: Only check file credentials for implicit destinations Michael Kerrisk (man-pages)
2014-05-25 5:45 ` [PATCH 5/5] net: Use netlink_ns_capable to verify the permisions of netlink messages Eric W. Biederman
2014-05-25 16:27 ` Andy Lutomirski
2014-05-08 21:29 ` Stephen Hemminger
2014-05-08 21:32 ` Andy Lutomirski
[not found] ` <CA+55aFzOHZcw2o6Cq6rSddSBDZvhgzYToBruak9SLCHxx-fA3Q@mail.gmail.com>
2014-05-08 21:49 ` Andy Lutomirski
2014-05-08 22:07 ` Stephen Hemminger
2014-05-08 21:54 ` David Miller
2014-05-07 23:45 ` David Miller
2014-05-08 21:21 ` Stephen Hemminger
2014-05-08 21:52 ` David Miller
2014-05-08 21:54 ` Andy Lutomirski
2014-04-24 17:45 ` [PATCH 0/5]: Preventing abuse when passing file descriptors David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140526133907.GD13929@1wt.eu \
--to=w@1wt.eu \
--cc=davem@davemloft.net \
--cc=ebiederm@xmission.com \
--cc=jbenc@redhat.com \
--cc=jorge@dti2.net \
--cc=luto@amacapital.net \
--cc=mtk.manpages@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=security@kernel.org \
--cc=serge@hallyn.com \
--cc=ssorce@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).