Re: netlink nlmsg_pid supposed to be pid or tid?

From: Herbert Xu
Date: Mon Nov 21 2005 - 18:34:06 EST

Next message: Andrew Morton: "Re: infinite loop? with mmap, nfs, pwrite, O_DIRECT"
Previous message: Benjamin Herrenschmidt: "Re: [RFC] Small PCI core patch"
In reply to: Alexey Kuznetsov: "Re: netlink nlmsg_pid supposed to be pid or tid?"
Next in thread: Herbert Xu: "[NETLINK]: Use tgid instead of pid for nlmsg_pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 22, 2005 at 01:49:13AM +0300, Alexey Kuznetsov wrote:
>
> Actually, I remember one discussion. Herbert, wait a minute...
> That's it: February 2005, Subject: [PATCH] Add audit uid to netlink credentials
> We decided (or not?) that binding to anything but tgid and pid
> must be prohibited by security reasons. Apaprently, the finding was lost.

Thanks for reminding me. We may still need to track that down (we
have now serialised most of the netlink processing so this my not be
as bad as it was).

However, I think explicit binding should still be allowed for root,
so nobody should take the PID for granted.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: infinite loop? with mmap, nfs, pwrite, O_DIRECT"
Previous message: Benjamin Herrenschmidt: "Re: [RFC] Small PCI core patch"
In reply to: Alexey Kuznetsov: "Re: netlink nlmsg_pid supposed to be pid or tid?"
Next in thread: Herbert Xu: "[NETLINK]: Use tgid instead of pid for nlmsg_pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]