Secure generic netlink messages

Yves Langisch yves at langisch.ch
Tue Jan 4 03:40:15 EST 2011


> I saw the function 'nl_socket_set_passcred' to pass uid/gid/pid to the
> kernel. I think that would help to secure the messages passed to the
> kernel as I could check for the uid/gid pair which is unique for the
> userspace process in my case. But I have not found any possibility in my
> kernel module to get access to this data when a generic netlink
> operation is being called back. How can I access these credentials in my
> operation?

For this part of my question I have found out that I need something like:

...
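 /* needs <sys/socket.h> (with _GNU_SOURCE for struct ucred) and <stdio.h> */
 struct ucred credentials;
 socklen_t ucred_length = sizeof(struct ucred); /* getsockopt() takes a socklen_t * */

 /* fill in the user data structure */
 if (getsockopt(connection_fd, SOL_SOCKET, SO_PEERCRED, &credentials,
                &ucred_length))
 {
  /* non-zero return means the call failed */
  printf("could not obtain credentials from unix domain socket\n");
  return 1;
 }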
...

The question now is how to obtain the file descriptor of the netlink
socket (connection_fd)? The callback signature

static int nl_operation(struct sk_buff *skb, struct genl_info *info)

only contains a pointer to the sk_buff. I can extract the socket from
that but I have no idea how to get the fd.

Any idea?

Yves


