[dm-devel] Re: Updated cluster log patch (take 4)

[Evgeniy Polyakov <johnpol 2ka mipt ru>]

Hi Jonathan.

On Tue, Jun 02, 2009 at 02:54:59PM -0500, Jonathan Brassow (jbrassow redhat com) wrote:
> Evgeniy, I was wondering if I could get your thoughts on some of the
> security questions I am currently investigating below...
> 
> This patch contains very minor changes from the last posting.
> - Variable/Macro name changes
> - minor changes to comments
> 
> I am currently exploring the security of using connector/netlink.  I am
> being sure to clear any buffers before populating them to prevent
> leaking any kernel memory contents to userspace.  I am also double
> checking in-coming data length fields which are filled in from user
> space.  I have these questions remaining:
> 
> 1) Can a non-root user communicate with the kernel via connector?  I saw
> this (http://lwn.net/Articles/329266/) regarding a privilege escalation
> (udev + netlink).  The article tells how netlink used to allow userspace
> to both send and receive data, but now only allows data to be received.
> I think this behavior is protocol specific, though...  So, what does
> connector allow?
>
> 2) If connector does allow non-root users to communicate, do I need to
> worry about a simple user being able to perform a DOS on my daemon
> because it somehow manages to monopolize/disrupt communication to the
> connector address I am using?

Connector allows to send packets from non-root user, but only root can
receive the responses. I believe connector should have a default mode to
allow only root to send data to the kernel.

-- 
	Evgeniy Polyakov