[dm-devel] Re: Updated cluster log patch (take 4)
Evgeniy Polyakov
johnpol at 2ka.mipt.ru
Tue Jun 2 20:59:58 UTC 2009
Hi Jonathan.
On Tue, Jun 02, 2009 at 02:54:59PM -0500, Jonathan Brassow (jbrassow at redhat.com) wrote:
> Evgeniy, I was wondering if I could get your thoughts on some of the
> security questions I am currently investigating below...
>
> This patch contains very minor changes from the last posting.
> - Variable/Macro name changes
> - minor changes to comments
>
> I am currently exploring the security of using connector/netlink. I am
> being sure to clear any buffers before populating them to prevent
> leaking any kernel memory contents to userspace. I am also double
> checking in-coming data length fields which are filled in from user
> space. I have these questions remaining:
>
> 1) Can a non-root user communicate with the kernel via connector? I saw
> this (http://lwn.net/Articles/329266/) regarding a privilege escalation
> (udev + netlink). The article tells how netlink used to allow userspace
> to both send and receive data, but now only allows data to be received.
> I think this behavior is protocol specific, though... So, what does
> connector allow?
>
> 2) If connector does allow non-root users to communicate, do I need to
> worry about a simple user being able to perform a DOS on my daemon
> because it somehow manages to monopolize/disrupt communication to the
> connector address I am using?
Connector allows to send packets from non-root user, but only root can
receive the responses. I believe connector should have a default mode to
allow only root to send data to the kernel.
--
Evgeniy Polyakov
More information about the dm-devel
mailing list