Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT

From: Jan Engelhardt
Date: Thu Oct 10 2024 - 09:54:30 EST

Next message: James Clark: "Re: [PATCH v3 0/7] perf arm-spe: Refactor data source encoding"
Previous message: Prabhakar: "[PATCH] arm64: dts: renesas: hihope: Drop #sound-dai-cells"
In reply to: Florian Westphal: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Next in thread: Richard Weinberger: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday 2024-10-10 15:48, Florian Westphal wrote:
>Richard Weinberger <richard@xxxxxxxxxxxxx> wrote:
>> Am Mittwoch, 9. Oktober 2024, 23:33:45 CEST schrieb Florian Westphal:
>> > There is no need to follow ->file backpointer anymore, see
>> > 6acc5c2910689fc6ee181bf63085c5efff6a42bd and
>> > 86741ec25462e4c8cdce6df2f41ead05568c7d5e,
>> > "net: core: Add a UID field to struct sock.".
>>
>> Oh, neat!
>>
>> > I think we could streamline all the existing paths that fetch uid
>> > from sock->file to not do that and use sock_net_uid() instead as well.
>>
>> Also xt_owner?
>
>sk->sk_uid is already used e.g. for fib lookups so I think it makes
>sense to be consistent, so, yes, xt_owner, nfqueue, nft_meta.c, all can
>be converted.

I doubt it. We've been there before... if a process does setuid,
some uid field doesn't change, and others do, so that's user-visible
behavior you can't just change.

Next message: James Clark: "Re: [PATCH v3 0/7] perf arm-spe: Refactor data source encoding"
Previous message: Prabhakar: "[PATCH] arm64: dts: renesas: hihope: Drop #sound-dai-cells"
In reply to: Florian Westphal: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Next in thread: Richard Weinberger: "Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]