On Fri, Oct 02, 2009 at 05:54:12PM +0200, Philipp Reisner wrote: > > On Fri, Oct 02, 2009 at 02:40:03PM +0200, Philipp Reisner wrote: > > > Affected: All code that uses connector, in kernel and out of mainline > > > > > > The connector, as it is today, does not allow the in kernel receiving > > > parts to do any checks on privileges of a message's sender. > > > > So, assume I know nothing about the connector architecture, what does > > this mean in a security context? > > > > Think of the connector as a layer on top of netlink that allows more > than a hard coded number of subsystems to use netlink. > > Netlink is used e.g. to modify routing tables in the kernel. > > As it is today, subsystem utilising the connector can not examine > the capabilities of the user/program that sent the netlink message. > > If the same would be true for netlink, than every unprivileged user > could change the routing tables on your box. > > > > I know, there are not many out there that like connector, but as > > > long as it is in the kernel, we have to fix the security issues it has! > > > > And what specifically are the security issues? > > > > unprivileged users can trigger operations that are supposed to be only > accessible to users having CAP_SYS_ADMIN (or some other CAP_XXX) Ok, but it doesn't look like there are that many connector operations right now, right? Anyway, I have no objection to the patches, and figure they should go through David's network tree. thanks, greg k-h -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
