dbe9a4173e
Passing uids and gids on NETLINK_CB from a process in one user namespace to a process in another user namespace can result in the wrong uid or gid being presented to userspace. Avoid that problem by passing kuids and kgids instead. - define struct scm_creds for use in scm_cookie and netlink_skb_parms that holds uid and gid information in kuid_t and kgid_t. - Modify scm_set_cred to fill out scm_creds by heand instead of using cred_to_ucred to fill out struct ucred. This conversion ensures userspace does not get incorrect uid or gid values to look at. - Modify scm_recv to convert from struct scm_creds to struct ucred before copying credential values to userspace. - Modify __scm_send to populate struct scm_creds on in the scm_cookie, instead of just copying struct ucred from userspace. - Modify netlink_sendmsg to copy scm_creds instead of struct ucred into the NETLINK_CB. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
datagram.c | ||
dev.c | ||
dev_addr_lists.c | ||
drop_monitor.c | ||
dst.c | ||
ethtool.c | ||
fib_rules.c | ||
filter.c | ||
flow.c | ||
flow_dissector.c | ||
gen_estimator.c | ||
gen_stats.c | ||
iovec.c | ||
link_watch.c | ||
Makefile | ||
neighbour.c | ||
net-sysfs.c | ||
net-sysfs.h | ||
net-traces.c | ||
net_namespace.c | ||
netevent.c | ||
netpoll.c | ||
netprio_cgroup.c | ||
pktgen.c | ||
request_sock.c | ||
rtnetlink.c | ||
scm.c | ||
secure_seq.c | ||
skbuff.c | ||
sock.c | ||
sock_diag.c | ||
stream.c | ||
sysctl_net_core.c | ||
timestamping.c | ||
user_dma.c | ||
utils.c |