Secure generic netlink messages
Yves Langisch
yves at langisch.ch
Tue Jan 4 03:40:15 EST 2011
> I saw the function 'nl_socket_set_passcred' to pass uid/gid/pid to the
> kernel. I think that would help to secure the messages passed to the
> kernel as I could check for the uid/gid pair which is unique for the
> userspace process in my case. But I have not found any possibility in my
> kernel module to get access to this data when a generic netlink
> operation is being called back. How can I access these credentials in my
> operation?
For this part of my question I have found out that I need something like:
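#define _GNU_SOURCE            /* struct ucred is only declared with this set */
#include <stdio.h>
#include <sys/socket.h>
...
    struct ucred credentials;
    /* getsockopt() takes a socklen_t *, not an int * */
    socklen_t ucred_length = sizeof(struct ucred);

    /* fill in the user data structure */
    if (getsockopt(connection_fd, SOL_SOCKET, SO_PEERCRED, &credentials,
                   &ucred_length))
    {
        /* non-zero return means the lookup failed */
        printf("could not obtain credentials from unix domain socket\n");
        return 1;
    }
...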
The question now is how to obtain the file descriptor of the netlink
socket (connection_fd)? The callback signature
static int nl_operation(struct sk_buff *skb, struct genl_info *info)
only contains a pointer to the sk_buff. I can extract the socket from
that but I have no idea how to get the fd.
Any idea?
Yves