On Thu, Apr 17, 2014 at 10:33 AM, Simo Sorce <sso...@redhat.com> wrote: > On Thu, 2014-04-17 at 10:26 -0700, Andy Lutomirski wrote: >> >> Not really. write(2) can't send SCM_CGROUP. Callers of sendmsg(2) >> who supply SCM_CGROUP are explicitly indicating that they want their >> cgroup associated with that message. Callers of write(2) and send(2) >> are simply indicating that they have some bytes that they want to >> shove into whatever's at the other end of the fd. > > But there is no attack vector that passes by tricking setuid binaries to > write to pre-opened file descriptors on sendmsg(), and for the other > cases (connected socket) journald can always cross check with > SO_PEERCGROUP, so why do we care again ?
Because the proposed code does not do what I described, at least as far I as I can tell. --Andy -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
