Secure generic netlink messages

Yves Langisch yves at
Sun Dec 26 07:09:23 EST 2010


I have a userspace process that makes use of generic netlink to
communicate with my kernel module (bi-directional, unicast). As there
are also sensitive data being exchanged I'd like to know what are the
possibilites an attacker have to intercept the netlink messages?

I saw the function 'nl_socket_set_passcred' to pass uid/gid/pid to the
kernel. I think that would help to secure the messages passed to the
kernel as I could check for the uid/gid pair which is unique for the
userspace process in my case. But I have not found any possibility in my
kernel module to get access to this data when a generic netlink
operation is being callbacked. How can I access these credentials in my


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5198 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the libnl mailing list