mirror of
https://github.com/Fishwaldo/linux-bl808.git
synced 2025-06-17 20:25:19 +00:00
scm: Don't use struct ucred in NETLINK_CB and struct scm_cookie.
Passing uids and gids on NETLINK_CB from a process in one user namespace to a process in another user namespace can result in the wrong uid or gid being presented to userspace. Avoid that problem by passing kuids and kgids instead. - define struct scm_creds for use in scm_cookie and netlink_skb_parms that holds uid and gid information in kuid_t and kgid_t. - Modify scm_set_cred to fill out scm_creds by heand instead of using cred_to_ucred to fill out struct ucred. This conversion ensures userspace does not get incorrect uid or gid values to look at. - Modify scm_recv to convert from struct scm_creds to struct ucred before copying credential values to userspace. - Modify __scm_send to populate struct scm_creds on in the scm_cookie, instead of just copying struct ucred from userspace. - Modify netlink_sendmsg to copy scm_creds instead of struct ucred into the NETLINK_CB. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
d679c5324d
commit
dbe9a4173e
4 changed files with 33 additions and 12 deletions
|
@ -153,6 +153,7 @@ struct nlattr {
|
|||
|
||||
#include <linux/capability.h>
|
||||
#include <linux/skbuff.h>
|
||||
#include <net/scm.h>
|
||||
|
||||
struct net;
|
||||
|
||||
|
@ -162,7 +163,7 @@ static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb)
|
|||
}
|
||||
|
||||
struct netlink_skb_parms {
|
||||
struct ucred creds; /* Skb credentials */
|
||||
struct scm_creds creds; /* Skb credentials */
|
||||
__u32 pid;
|
||||
__u32 dst_group;
|
||||
struct sock *ssk;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue