On Mon, 2017-10-23 at 20:12 +0300, Leon Romanovsky wrote:
> On Mon, Oct 23, 2017 at 10:49:24AM -0400, Doug Ledford wrote:
> > On 10/23/2017 4:11 AM, Leon Romanovsky wrote:
> Doug,
>
> It has very little related to security here. The RDMA_NL_LS netlink
> operations require CAP_NET_ADMIN capability set and it is checked
> before
> calling any callback.
I disagree. In this particular case, it wasn't a nefarious user, it
was a simple misconfiguration that cause the kernel to oops. So even
if you have CAP_NET_ADMIN, you still don't want a user space issue to
oops the kernel. If you simply don't allow it to happen, then whether
the CAP_NET_ADMIN program has been compromised by a black hat user is
irrelevant. That seems the right way to be to me.
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: B826A3330E572FDD
Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
