kernel · 2a0a6ebee1d68552152ae8d4aeda91d806995dec · matisse / android_kernel_samsung_matisse

[NETLINK]: Synchronous message processing.

Herbert Xu authored 20 years ago

Let's recap the problem.  The current asynchronous netlink kernel
message processing is vulnerable to these attacks:

1) Hit and run: Attacker sends one or more messages and then exits
before they're processed.  This may confuse/disable the next netlink
user that gets the netlink address of the attacker since it may
receive the responses to the attacker's messages.

Proposed solutions:

a) Synchronous processing.
b) Stream mode socket.
c) Restrict/prohibit binding.

2) Starvation: Because various netlink rcv functions were written
to not return until all messages have been processed on a socket,
it is possible for these functions to execute for an arbitrarily
long period of time.  If this is successfully exploited it could
also be used to hold rtnl forever.

Proposed solutions:

a) Synchronous processing.
b) Stream mode socket.

Firstly let's cross off solution c).  It only solves the first
problem and it has user-visible impacts.  In particular, it'll
break user...

2a0a6ebe

Name	Last commit	Last update
..
irq
power
Makefile
acct.c
audit.c
auditsc.c
capability.c
compat.c
configs.c
cpu.c
cpuset.c
dma.c
exec_domain.c
exit.c
extable.c
fork.c
futex.c
intermodule.c
itimer.c
kallsyms.c
kfifo.c
kmod.c
kprobes.c
ksysfs.c
kthread.c
module.c
panic.c
params.c
pid.c
posix-cpu-timers.c
posix-timers.c
printk.c
profile.c
ptrace.c
rcupdate.c
resource.c
sched.c
seccomp.c
signal.c
softirq.c
spinlock.c
stop_machine.c
sys.c
sys_ni.c
sysctl.c
time.c
timer.c
uid16.c
user.c
wait.c
workqueue.c

Download source code

Download this directory