Message ID | 1293315371.9764.44.camel@Dan |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Headers | show |
On 25.12.2010 23:16, Dan Rosenberg wrote: > Since the socket address is just being used as a unique identifier, its > inode number is an alternative that does not leak potentially sensitive > information. > > CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue. > > Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> > Cc: stable <stable@kernel.org> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Thanks Dan. > --- > net/can/bcm.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/can/bcm.c b/net/can/bcm.c > index 6faa825..5748901 100644 > --- a/net/can/bcm.c > +++ b/net/can/bcm.c > @@ -1520,8 +1520,8 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, > bo->bound = 1; > > if (proc_dir) { > - /* unique socket address as filename */ > - sprintf(bo->procname, "%p", sock); > + /* socket inode as filename */ > + sprintf(bo->procname, "%lx", sock_i_ino(sk)); > bo->bcm_proc_read = proc_create_data(bo->procname, 0644, > proc_dir, > &bcm_proc_fops, sk); > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 25.12.2010 23:22, Oliver Hartkopp wrote: > On 25.12.2010 23:16, Dan Rosenberg wrote: >> Since the socket address is just being used as a unique identifier, its >> inode number is an alternative that does not leak potentially sensitive >> information. >> >> CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue. >> >> Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> >> Cc: stable <stable@kernel.org> > > Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> > > Thanks Dan. > >> --- >> net/can/bcm.c | 4 ++-- >> 1 files changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/net/can/bcm.c b/net/can/bcm.c >> index 6faa825..5748901 100644 >> --- a/net/can/bcm.c >> +++ b/net/can/bcm.c >> @@ -1520,8 +1520,8 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, >> bo->bound = 1; >> >> if (proc_dir) { >> - /* unique socket address as filename */ >> - sprintf(bo->procname, "%p", sock); >> + /* socket inode as filename */ >> + sprintf(bo->procname, "%lx", sock_i_ino(sk)); One minor question: AFAIK the inode numbers that can be found in /proc/<pid>/fd/* are in decimal and not in hex, right? If so, you should use '%lu' instead of '%lx' in the patch. Regards, Oliver -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
> > One minor question: > > AFAIK the inode numbers that can be found in /proc/<pid>/fd/* are in decimal > and not in hex, right? > > If so, you should use '%lu' instead of '%lx' in the patch. Yes, that's usually how they're expressed, but I did it this way for two reasons. Firstly, %lu would require another change to the buffer size, since the output could be up to 20 bytes long (plus another for the NULL terminator). Secondly, by expressing it as hex it avoids breaking any userland utilities that are expecting addresses, even if no such utilities exist. -Dan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 25.12.2010 23:41, Dan Rosenberg wrote: > >> >> One minor question: >> >> AFAIK the inode numbers that can be found in /proc/<pid>/fd/* are in decimal >> and not in hex, right? >> >> If so, you should use '%lu' instead of '%lx' in the patch. > > Yes, that's usually how they're expressed, but I did it this way for two > reasons. Firstly, %lu would require another change to the buffer size, > since the output could be up to 20 bytes long (plus another for the NULL > terminator). This is not *really* a good reason as the buffer size can be changed easily within the same patch, right? ;-) > Secondly, by expressing it as hex it avoids breaking any > userland utilities that are expecting addresses, even if no such > utilities exist. I'm very sure there are no userland utilities. And if there were any, they only would use the filename as unique identifiers and can't do anything with the (kernel)addresses - as you already stated in the patch description. E.g. thinking of some shell script the content of the filename is pretty useless unless it is unique. The recent patch for the 64 bit compatibility broke the length of the filename anyway, so IMO there's no real reason left to write the inode number as a hex value for the unique filename. Indeed having it a decimal number would bring some added value as you can reference the filename to the numbers in /proc/<pid>/fd/* easily. Convinced? 8-) Regards, Oliver -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Sun, 2010-12-26 at 12:29 +0100, Oliver Hartkopp wrote: > Convinced? 8-) > Absolutely. I didn't mean to come across as argumentative, I was just trying to anticipate potential objections. I'll resend shortly. Thanks, Dan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/can/bcm.c b/net/can/bcm.c index 6faa825..5748901 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c @@ -1520,8 +1520,8 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, bo->bound = 1; if (proc_dir) { - /* unique socket address as filename */ - sprintf(bo->procname, "%p", sock); + /* socket inode as filename */ + sprintf(bo->procname, "%lx", sock_i_ino(sk)); bo->bcm_proc_read = proc_create_data(bo->procname, 0644, proc_dir, &bcm_proc_fops, sk);
Since the socket address is just being used as a unique identifier, its inode number is an alternative that does not leak potentially sensitive information. CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: stable <stable@kernel.org> --- net/can/bcm.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html