How do Netlink and security interact?

Time: 2022-11-22 13:44:50

I understand that Netlink is the modern and correct way to communicate kernel and userspace in Linux.


I have a kernel module that needs to be configurable, so I'm using Netlink to have it talk to a userspace application.


Everything works wonders, but it appears to me any user can talk to my module. I could lock the application using permissions and such, but the project is Open Source, so any user can easily compile the userspace application. Ergo, any user can configure my kernel. And that doesn't sit well with me.


It seems I'm missing something very important here, but the Netlink documentation I find is all about how to get it running, not how it fits in the real world.


How can I restrict access to the module's Netlink socket? If that is impossible, what else can be done about it?


1 solution

#1


4  

facepalm


From RFC 3549:


Netlink lives in a trusted environment of a single host separated by kernel and user space. Linux capabilities ensure that only someone with CAP_NET_ADMIN capability (typically, the root user) is allowed to open sockets.


The kernel is supposed to be the one who tells whether the module should let the user proceed or not, not Netlink. OBVIOUSLY.


Just block by coding in kernelspace


/* If the current thread of execution doesn't have the proper privileges... */
if (!capable(CAP_NET_ADMIN)) { /* Or CAP_SYS_ADMIN or whatever */
    /* Throw this request away. */
    return -EPERM;
}

, done.


Thanks to ipclouds and tadokoro for guiding me in the right direction.
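
To check which processes would get past the `capable(CAP_NET_ADMIN)` gate in the answer above, this added example (not part of the original post) decodes the `CapEff` mask from `/proc/<pid>/status`; the function names and the sample status excerpts are constructed for illustration. `capable()` tests against the initial user namespace, so a `CapEff` bit held only inside a non-initial user namespace does not satisfy it.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers, as in <linux/capability.h>. */
enum { GATE_CAP_NET_ADMIN = 12, GATE_CAP_SYS_ADMIN = 21 };
/* Constructed /proc/<pid>/status excerpts (not captured from a real host). */
static const char SAMPLE_ROOT[] = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char SAMPLE_USER[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";
static const char SAMPLE_NETADMIN[] = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000001000\n";

/* Decode the hex mask on the "CapEff:" line; 0 on success, -1 if absent or malformed. */
int parse_capeff(const char *status, uint64_t *mask)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *q = p + 7;
            char *end;
            while (*q == ' ' || *q == '\t') q++;
            /* Refuse an empty value so the next line is never parsed as hex. */
            if (!isxdigit((unsigned char)*q)) return -1;
            *mask = strtoull(q, &end, 16);
            return (*end == '\n' || *end == '\0') ? 0 : -1;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* 1 if `cap` is in the effective set, 0 if not, -1 if the status text is unusable. */
int would_pass_gate(const char *status, int cap)
{
    uint64_t mask;
    return parse_capeff(status, &mask) ? -1 : (int)((mask >> cap) & 1);
}

int main(void)
{
    static char self[8192];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(self, 1, sizeof(self) - 1, f) : 0;
    if (f) fclose(f);
    self[n] = '\0';
    printf("this process: %d, constructed root/user/netadmin-only: %d %d %d\n",
           would_pass_gate(self, 12), would_pass_gate(SAMPLE_ROOT, 12),
           would_pass_gate(SAMPLE_USER, 12), would_pass_gate(SAMPLE_NETADMIN, 12));
    return 0;
}
```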
