Hi Jonathan.

On Tue, Jun 02, 2009 at 02:54:59PM -0500, Jonathan Brassow (jbrassow@xxxxxxxxxx) wrote:
> Evgeniy, I was wondering if I could get your thoughts on some of the
> security questions I am currently investigating below...
>
> This patch contains very minor changes from the last posting.
> - Variable/Macro name changes
> - minor changes to comments
>
> I am currently exploring the security of using connector/netlink. I am
> being sure to clear any buffers before populating them to prevent
> leaking any kernel memory contents to userspace. I am also double
> checking in-coming data length fields which are filled in from user
> space. I have these questions remaining:
>
> 1) Can a non-root user communicate with the kernel via connector? I saw
> this (http://lwn.net/Articles/329266/) regarding a privilege escalation
> (udev + netlink). The article tells how netlink used to allow userspace
> to both send and receive data, but now only allows data to be received.
> I think this behavior is protocol specific, though... So, what does
> connector allow?
>
> 2) If connector does allow non-root users to communicate, do I need to
> worry about a simple user being able to perform a DOS on my daemon
> because it somehow manages to monopolize/disrupt communication to the
> connector address I am using?

Connector allows to send packets from non-root user, but only root can
receive the responses. I believe connector should have a default mode to
allow only root to send data to the kernel.

--
	Evgeniy Polyakov

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
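
An added example (not code from this thread, the patch, or the kernel): the three precautions discussed above, written as portable C that runs in userspace. It rejects non-root senders, checks the sender-supplied length against what actually arrived, and zeroes the reply buffer before filling it. The `demo_` names, the 64-byte payload bound and the `sender_uid` parameter are assumptions; the header struct mirrors the layout of `struct cn_msg`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the connector header (struct cn_msg minus its data[]),
 * redefined here so the example builds outside the kernel. */
struct demo_cn_hdr {
    uint32_t idx, val;   /* callback id */
    uint32_t seq, ack;
    uint16_t len;        /* payload length, written by the sender */
    uint16_t flags;
};
#define DEMO_MAX_PAYLOAD 64u   /* hypothetical per-request bound */
enum { DEMO_OK = 0, DEMO_EPERM = -1, DEMO_ESHORT = -2, DEMO_ELEN = -3 };

/* `received` is the byte count that actually arrived; `sender_uid` stands in
 * for the sender credentials the transport reports (assumed parameter). */
int demo_check_request(const void *buf, size_t received, uint32_t sender_uid,
                       struct demo_cn_hdr *hdr)
{
    if (sender_uid != 0)
        return DEMO_EPERM;           /* non-root can send, so filter here */
    if (received < sizeof(*hdr))
        return DEMO_ESHORT;          /* not even a full header */
    memcpy(hdr, buf, sizeof(*hdr));  /* copy out: no alignment assumptions */
    if (hdr->len > DEMO_MAX_PAYLOAD || hdr->len > received - sizeof(*hdr))
        return DEMO_ELEN;            /* claimed length too big or past the data */
    return DEMO_OK;
}

/* Zero the whole reply buffer before filling it, so padding and the unused
 * tail never carry stale memory. Returns bytes used, or 0 if it won't fit. */
size_t demo_build_reply(void *out, size_t out_size,
                        const struct demo_cn_hdr *req,
                        const void *payload, uint16_t payload_len)
{
    struct demo_cn_hdr rep;
    if (out_size < sizeof(rep) || payload_len > out_size - sizeof(rep))
        return 0;
    memset(out, 0, out_size);
    memset(&rep, 0, sizeof(rep));
    rep.idx = req->idx;
    rep.val = req->val;
    rep.seq = req->seq;
    rep.ack = req->seq + 1;
    rep.len = payload_len;
    memcpy(out, &rep, sizeof(rep));
    memcpy((unsigned char *)out + sizeof(rep), payload, payload_len);
    return sizeof(rep) + payload_len;
}
```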