Secure generic netlink messages

Yves Langisch yves at langisch.ch
Sun Dec 26 07:09:23 EST 2010


All,

I have a userspace process that makes use of generic netlink to
communicate with my kernel module (bi-directional, unicast). As there
are also sensitive data being exchanged I'd like to know what are the
possibilities an attacker has to intercept the netlink messages?

I saw the function 'nl_socket_set_passcred' to pass uid/gid/pid to the
kernel. I think that would help to secure the messages passed to the
kernel as I could check for the uid/gid pair which is unique for the
userspace process in my case. But I have not found any possibility in my
kernel module to get access to this data when a generic netlink
operation is being called back. How can I access these credentials in my
operation?

Thanks
Yves
