Re: [PATCH] Security: Implement and document RLIMIT_NETWORK.

From: Evgeniy Polyakov
Date: Wed Jan 07 2009 - 23:27:31 EST

Next message: KAMEZAWA Hiroyuki: "Re: [RFC][PATCH 3/4] Memory controller soft limit organize cgroups"
Previous message: Balbir Singh: "Re: [RFC][PATCH 3/4] Memory controller soft limit organize cgroups"
In reply to: Michael Stone: "Re: [PATCH] Security: Implement and document RLIMIT_NETWORK."
Next in thread: James Morris: "Re: [PATCH] Security: Implement and document RLIMIT_NETWORK."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 07, 2009 at 07:56:21PM -0500, Michael Stone (michael@xxxxxxxxxx) wrote:
> On Thu, Jan 08, 2009 at 12:59:36AM +0300, Evgeniy Polyakov wrote:
> >I meant that connected or accepted socket will not be able to send data
> >via send() call, but will be able to receive data using recv().
>
> A key fact which may not have stood out, since I didn't comment on it
> explicitly in the code, is that the disqualification tests inserted by
> the __sock_sendmsg() and unix_dgram_sendmsg hunks contain additional
> conditions like
>
> __sock_sendmsg():
> + && (msg->msg_name != NULL || msg->msg_namelen != 0))
>
> unix_dgram_sendmsg():
> + && !sunaddr->sun_path[0])
>
> which return us to the usual codepaths whenever we're dealing with an
> already-connected socket. Since my tests pass, can you post an example
> of a failing send() call which you think should work?

You are right, I misread the documentation part where it is explained
that already connected sockets are allowed to operate. Btw that code
part breaks codying style with trailing '\' and '&&' on the new line.
There should be something wrong in the patch :)

> >Your patch adds a rlimit check into __sock_sendmsg() call, which is
> >invoked via usual send() path, but sendfile() and splice() are still
> >exectuted without this check and thus will be able to send data after
> >rlimit applied.
>
> As far as I can tell, sendfile() and splice(), which operate solely on
> fds, cannot be used to send messages via a disconnected socket.
> Therefore, I /believe/ that they require no modification. Am I terribly
> mistaken about this?

No you are not, as long as user is allowed to operate with already
connected and/or bound sockets there should be no problems.

--
Evgeniy Polyakov
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: KAMEZAWA Hiroyuki: "Re: [RFC][PATCH 3/4] Memory controller soft limit organize cgroups"
Previous message: Balbir Singh: "Re: [RFC][PATCH 3/4] Memory controller soft limit organize cgroups"
In reply to: Michael Stone: "Re: [PATCH] Security: Implement and document RLIMIT_NETWORK."
Next in thread: James Morris: "Re: [PATCH] Security: Implement and document RLIMIT_NETWORK."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]