Reviewed-by: James Morris <jmorris@namei.org>



--
James Morris
<jmorris@namei.org>

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

From: Chris Wright <chrisw@sous-sol.org>
Date: Thu, 3 Mar 2011 12:15:22 -0800

> Here, I respun it so I could work on top of it
...
> I did not do exhaustive .config compile tests

Thanks a lot Chris, applied.

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

On Thu, Mar 03, 2011 at 12:15:22PM -0800, Chris Wright wrote:
> * David Miller (davem@davemloft.net) wrote:
> > From: Chris Wright <chrisw@sous-sol.org>
> > Date: Thu, 3 Mar 2011 09:32:30 -0800
> >
> > > * Patrick McHardy (kaber@trash.net) wrote:
> > >
> > >> commit 8ff259625f0ab295fa085b0718eed13093813fbc
> > >> Author: Patrick McHardy <kaber@trash.net>
> > >> Date: Thu Mar 3 10:17:31 2011 +0100
> > >>
> > >> netlink: kill eff_cap from struct netlink_skb_parms
> > >>
> > >> Netlink message processing in the kernel is synchronous these days,
> > >> capabilities can be checked directly in security_netlink_recv() from
> > >> the current process.
> > >>
> > >> Signed-off-by: Patrick McHardy <kaber@trash.net>
> > >
> > > Thanks for doing that Patrick. I looked at this earlier and thought
> > > there was still an async path, but I guess that's just to another
> > > userspace process.
> > >
> > > BTW, I think you missed a couple connector based callers:
> > >
> > > drivers/staging/pohmelfs/config.c: if (!cap_raised(nsp->eff_cap, CAP_SYS_AD
> > > drivers/video/uvesafb.c: if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))


Last time I checked, current() for connector based netlink message
consumers was the work queue that is used for connector.

So unless that changed, or my understanding is wrong, current_cap()
inside cn_queue_wrapper(), respectively the d->callback()
will not be the userland sender process' capabilities, but the work
queue capabilities.

If so, then this change introduces the possibility for normal users to
send privileged commands to connector based subsystems, even if they
may not be able to bind() to suitable sockets to receive any replies.

Am I missing something?

Lars

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

* Lars Ellenberg (lars.ellenberg@linbit.com) wrote:
> Last time I checked, current() for connector based netlink message
> consumers was the work queue that is used for connector.
>
> So unless that changed, or my understanding is wrong, current_cap()
> inside cn_queue_wrapper(), respectively the d->callback()
> will not be the userland sender process' capabilities, but the work
> queue capabilities.

Yes, you're right.

> If so, then this change introduces the possibility for normal users to
> send privileged commands to connector based subsystems, even if they
> may not be able to bind() to suitable sockets to receive any replies.
>
> Am I missing something?

No, thanks for review. This puts back the async issue.

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

Hi.

On Thu, Mar 03, 2011 at 11:37:46PM +0100, Lars Ellenberg (lars.ellenberg@linbit.com) wrote:
> If so, then this change introduces the possibility for normal users to
> send privileged commands to connector based subsystems, even if they
> may not be able to bind() to suitable sockets to receive any replies.
>
> Am I missing something?

Yup, connector is very async at that place, but I wonder why the hell I
ever made that decision. I believe we can replace it with pure sync call
of the registered connector callback, since netlink is synchronous and
no one has any problem with it.

--
Evgeniy Polyakov

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

From: Evgeniy Polyakov <zbr@ioremap.net>
Date: Fri, 4 Mar 2011 04:29:56 +0300

> Hi.
>
> On Thu, Mar 03, 2011 at 11:37:46PM +0100, Lars Ellenberg (lars.ellenberg@linbit.com) wrote:
>> If so, then this change introduces the possibility for normal users to
>> send privileged commands to connector based subsystems, even if they
>> may not be able to bind() to suitable sockets to receive any replies.
>>
>> Am I missing something?
>
> Yup, connector is very async at that place, but I wonder why the hell I
> ever made that decision. I believe we can replace it with pure sync call
> of the registered connector callback, since netlink is synchronous and
> no one has any problem with it.

Yes, please it would really help us with what we're trying to do here.

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

Hi Patrick.

On Tue, Mar 08, 2011 at 03:50:47PM +0100, Patrick McHardy (kaber@trash.net) wrote:
> > Yup, connector is very async at that place, but I wonder why the hell I
> > ever made that decision. I believe we can replace it with pure sync call
> > of the registered connector callback, since netlink is synchronous and
> > no one has any problem with it.
>
> Are you going to do this or do you want me to take care of it?

I will return back at the end of the week and will take care of this
problem. I will not mind if you complete it first though

--
Evgeniy Polyakov

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

Hi.

On Tue, Mar 08, 2011 at 07:54:33PM +0100, Patrick McHardy (kaber@trash.net) wrote:
> >> Are you going to do this or do you want me to take care of it?
> >
> > I will return back at the end of the week and will take care of this
> > problem. I will not mind if you complete it first though
>
> Thanks Evgeniy, I'll give it a shot.

Is my help needed there or you will clean things up?

--
Evgeniy Polyakov

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel