LKML Archive on lore.kernel.org
* Receiving a generic netlink multicast - should be restricted to the root user?
From: Craig Davison @ 2015-03-07  2:08 UTC (permalink / raw)
  To: linux-kernel

I wrote a kernel module that sends generic Netlink multicasts, and
wrote a userland client using libmnl that receives them.

That all works fine, but my client works even when it's not the root user.

man 7 netlink says:

Only processes with an effective UID of 0 or the CAP_NET_ADMIN capability
may send or listen to a netlink multicast group.

The listen part of this is seemingly not true. I've tried this on
kernels 3.13 (Ubuntu 14.04), 2.6.32 (CentOS 6) and 2.6.18 (CentOS 5).

Is this a bug?

If not: I know that restricting receiving generic netlink commands
incoming to the kernel to being only from root is possible with
GENL_ADMIN_PERM flag, but is it possible to send multicasts from the
kernel that can only be received by root?

Thank you


* Re: Receiving a generic netlink multicast - should be restricted to the root user?
From: Craig Davison @ 2015-03-08  4:12 UTC (permalink / raw)
  To: linux-kernel

Some code to reproduce this is at https://github.com/craig65535/mcast-exmpl.

The kernel module hooks TCP connects via a jprobe, and multicasts a
generic netlink message on every connect. So after insmod'ing the
module, just connect anywhere to send a multicast.

The client receives multicasts, even when it's not running as root.

Again, the documentation (man 7 netlink) does not agree with this. Is
this just a documentation bug, or a real bug?

On Fri, Mar 6, 2015 at 7:08 PM, Craig Davison <craig65535@gmail.com> wrote:
> I wrote a kernel module that sends generic Netlink multicasts, and
> wrote a userland client using libmnl that receives them.
>
> That all works fine, but my client works even when it's not the root user.
>
> man 7 netlink says:
>
> Only processes with an effective UID of 0 or the CAP_NET_ADMIN capability
> may send or listen to a netlink multicast group.
>
> The listen part of this is seemingly not true. I've tried this on
> kernels 3.13 (Ubuntu 14.04), 2.6.32 (CentOS 6) and 2.6.18 (CentOS 5).
>
> Is this a bug?
>
> If not: I know that restricting receiving generic netlink commands
> incoming to the kernel to being only from root is possible with
> GENL_ADMIN_PERM flag, but is it possible to send multicasts from the
> kernel that can only be received by root?
>
> Thank you


* Re: Receiving a generic netlink multicast - should be restricted to the root user?
From: Craig Davison @ 2015-03-10 23:55 UTC (permalink / raw)
  To: linux-kernel

I asked about this on stackoverflow at
http://stackoverflow.com/questions/28909009/ .

Basically, when the generic netlink socket is created on the kernel
side, its netlink_kernel_cfg has:
    .flags = NL_CFG_F_NONROOT_RECV

So for generic netlink, non-root processes will always be able to
receive multicasts. But the default, as is used in some other netlink
families, is that only root can receive them. So it seems the
documentation is only a little misleading.
On Sat, Mar 7, 2015 at 9:12 PM, Craig Davison <craig65535@gmail.com> wrote:
> Some code to reproduce this is at https://github.com/craig65535/mcast-exmpl.
>
> The kernel module hooks TCP connects via a jprobe, and multicasts a
> generic netlink message on every connect. So after insmod'ing the
> module, just connect anywhere to send a multicast.
>
> The client receives multicasts, even when it's not running as root.
>
> Again, the documentation (man 7 netlink) does not agree with this. Is
> this just a documentation bug, or a real bug?
>
> On Fri, Mar 6, 2015 at 7:08 PM, Craig Davison <craig65535@gmail.com> wrote:
>> I wrote a kernel module that sends generic Netlink multicasts, and
>> wrote a userland client using libmnl that receives them.
>>
>> That all works fine, but my client works even when it's not the root user.
>>
>> man 7 netlink says:
>>
>> Only processes with an effective UID of 0 or the CAP_NET_ADMIN capability
>> may send or listen to a netlink multicast group.
>>
>> The listen part of this is seemingly not true. I've tried this on
>> kernels 3.13 (Ubuntu 14.04), 2.6.32 (CentOS 6) and 2.6.18 (CentOS 5).
>>
>> Is this a bug?
>>
>> If not: I know that restricting receiving generic netlink commands
>> incoming to the kernel to being only from root is possible with
>> GENL_ADMIN_PERM flag, but is it possible to send multicasts from the
>> kernel that can only be received by root?
>>
>> Thank you

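A small userspace check of the point the thread settles on, added here as an example; it is not from the thread or from the mcast-exmpl repository. It asks the kernel to subscribe an unprivileged netlink socket to a multicast group with NETLINK_ADD_MEMBERSHIP, which is the same permission check (NL_CFG_F_NONROOT_RECV or CAP_NET_ADMIN) that bind() with nl_groups goes through. By default it targets NETLINK_GENERIC and the controller's "notify" group, assumed here to be numbered GENL_ID_CTRL; family and group can be overridden on the command line to probe other families, whose outcome depends on whether their own netlink_kernel_cfg sets the flag. It assumes a Linux kernel with generic netlink available.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/genetlink.h>

/* Subscribe a fresh netlink socket of family `proto` to multicast group
 * `group` via NETLINK_ADD_MEMBERSHIP, then close it.
 * Returns 0 if the kernel accepted the membership, or the errno of the
 * failing call. The kernel answers EPERM when the caller lacks
 * CAP_NET_ADMIN and the family was registered without
 * NL_CFG_F_NONROOT_RECV; EINVAL means the group id is out of range
 * for that family. */
int try_join_group(int proto, unsigned int group)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, proto);
    if (fd < 0)
        return errno;

    struct sockaddr_nl local;
    memset(&local, 0, sizeof local);
    local.nl_family = AF_NETLINK;   /* nl_pid 0: kernel assigns a port id */
    if (bind(fd, (struct sockaddr *)&local, sizeof local) < 0) {
        int err = errno;
        close(fd);
        return err;
    }

    if (setsockopt(fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP,
                   &group, sizeof group) < 0) {
        int err = errno;
        close(fd);
        return err;
    }

    close(fd);
    return 0;
}

/* Turn the result of try_join_group() into the verdict that matters for
 * the man 7 netlink claim discussed above. */
const char *explain_join(int rc)
{
    switch (rc) {
    case 0:
        return "joined: family allows non-root receivers (or caller has CAP_NET_ADMIN)";
    case EPERM:
        return "EPERM: family restricts multicast receive to CAP_NET_ADMIN";
    case EINVAL:
        return "EINVAL: no such multicast group in this family";
    default:
        return "no verdict: socket could not be set up, see errno";
    }
}

int main(int argc, char **argv)
{
    /* Defaults (assumed): generic netlink, controller notify group. */
    int proto = argc > 1 ? atoi(argv[1]) : NETLINK_GENERIC;
    unsigned int group = argc > 2 ? (unsigned int)atoi(argv[2]) : GENL_ID_CTRL;

    int rc = try_join_group(proto, group);
    printf("euid=%u family=%d group=%u -> %s (%s)\n",
           (unsigned)geteuid(), proto, group, explain_join(rc),
           rc ? strerror(rc) : "ok");
    return (rc == 0 || rc == EPERM) ? 0 : 1;
}
```

Run it as an ordinary user with no arguments and it reports "joined" for NETLINK_GENERIC, matching what the client in the thread observed; the kernel never returns EPERM for generic netlink because that family sets NL_CFG_F_NONROOT_RECV. Pass another family number as the first argument to see a family that does not set the flag refuse the same call.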
