Re: [PATCH] Security: Implement and document RLIMIT_NETWORK.

[Michael Stone]

On Thu, Jan 08, 2009 at 12:59:36AM +0300, Evgeniy Polyakov wrote:
> I meant that connected or accepted socket will not be able to send data
> via send() call, but will be able to receive data using recv().

A key fact which may not have stood out, since I didn't comment on it
explicitly in the code, is that the disqualification tests inserted by
the __sock_sendmsg() and unix_dgram_sendmsg hunks contain additional
conditions like

__sock_sendmsg():
+               && (msg->msg_name != NULL || msg->msg_namelen != 0))

unix_dgram_sendmsg():
+                       && !sunaddr->sun_path[0])

which return us to the usual codepaths whenever we're dealing with an
already-connected socket. Since my tests pass, can you post an example
of a failing send() call which you think should work?

> Your patch adds a rlimit check into __sock_sendmsg() call, which is
> invoked via usual send() path, but sendfile() and splice() are still
> exectuted without this check and thus will be able to send data after
> rlimit applied.

As far as I can tell, sendfile() and splice(), which operate solely on
fds, cannot be used to send messages via a disconnected socket.
Therefore, I /believe/ that they require no modification. Am I terribly
mistaken about this?

Thanks,

Michael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/