Secure generic netlink messages

[Thomas Graf]

On Sun, Dec 26, 2010 at 01:09:23PM +0100, Yves Langisch wrote:
> All,
> 
> I have a userspace process that makes use of generic netlink to
> communicate with my kernel module (bi-directional, unicast). As there
> are also sensitive data being exchanged I'd like to know what are the
> possibilites an attacker have to intercept the netlink messages?
> 
> I saw the function 'nl_socket_set_passcred' to pass uid/gid/pid to the
> kernel. I think that would help to secure the messages passed to the
> kernel as I could check for the uid/gid pair which is unique for the
> userspace process in my case. But I have not found any possibility in my
> kernel module to get access to this data when a generic netlink
> operation is being callbacked. How can I access these credentials in my
> operation?

Use the macro

	NETLINK_CREDS(skb)

it returns 'struct ucred *':

struct ucred {
	__u32	pid;
	__u32	uid;
	__u32	gid;
};

Therefore

	NETLINK_CREDS(skb)->pid

will give you the pid.