Commit cae9910e authored by Felipe Gasper's avatar Felipe Gasper Committed by David S. Miller

net: Add UNIX_DIAG_UID to Netlink UNIX socket diagnostics.

This adds the ability for Netlink to report a socket's UID along with the
other UNIX diagnostic information that is already available. This will
allow diagnostic tools greater insight into which users control which
socket.

To test this, do the following as a non-root user:

    unshare -U -r bash
    nc -l -U user.socket.$$ &

.. and verify from within that same session that Netlink UNIX socket
diagnostics report the socket's UID as 0. Also verify that Netlink UNIX
socket diagnostics report the socket's UID as the user's UID from an
unprivileged process in a different session. Verify the same from
a root process.
Signed-off-by: default avatarFelipe Gasper <felipe@felipegasper.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 54dee406
...@@ -20,6 +20,7 @@ struct unix_diag_req { ...@@ -20,6 +20,7 @@ struct unix_diag_req {
#define UDIAG_SHOW_ICONS 0x00000008 /* show pending connections */ #define UDIAG_SHOW_ICONS 0x00000008 /* show pending connections */
#define UDIAG_SHOW_RQLEN 0x00000010 /* show skb receive queue len */ #define UDIAG_SHOW_RQLEN 0x00000010 /* show skb receive queue len */
#define UDIAG_SHOW_MEMINFO 0x00000020 /* show memory info of a socket */ #define UDIAG_SHOW_MEMINFO 0x00000020 /* show memory info of a socket */
#define UDIAG_SHOW_UID 0x00000040 /* show socket's UID */
struct unix_diag_msg { struct unix_diag_msg {
__u8 udiag_family; __u8 udiag_family;
...@@ -40,6 +41,7 @@ enum { ...@@ -40,6 +41,7 @@ enum {
UNIX_DIAG_RQLEN, UNIX_DIAG_RQLEN,
UNIX_DIAG_MEMINFO, UNIX_DIAG_MEMINFO,
UNIX_DIAG_SHUTDOWN, UNIX_DIAG_SHUTDOWN,
UNIX_DIAG_UID,
__UNIX_DIAG_MAX, __UNIX_DIAG_MAX,
}; };
......
...@@ -5,9 +5,11 @@ ...@@ -5,9 +5,11 @@
#include <linux/unix_diag.h> #include <linux/unix_diag.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/uidgid.h>
#include <net/netlink.h> #include <net/netlink.h>
#include <net/af_unix.h> #include <net/af_unix.h>
#include <net/tcp_states.h> #include <net/tcp_states.h>
#include <net/sock.h>
static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb) static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb)
{ {
...@@ -111,6 +113,12 @@ static int sk_diag_show_rqlen(struct sock *sk, struct sk_buff *nlskb) ...@@ -111,6 +113,12 @@ static int sk_diag_show_rqlen(struct sock *sk, struct sk_buff *nlskb)
return nla_put(nlskb, UNIX_DIAG_RQLEN, sizeof(rql), &rql); return nla_put(nlskb, UNIX_DIAG_RQLEN, sizeof(rql), &rql);
} }
static int sk_diag_dump_uid(struct sock *sk, struct sk_buff *nlskb)
{
uid_t uid = from_kuid_munged(sk_user_ns(nlskb->sk), sock_i_uid(sk));
return nla_put(nlskb, UNIX_DIAG_UID, sizeof(uid_t), &uid);
}
static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req, static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_req *req,
u32 portid, u32 seq, u32 flags, int sk_ino) u32 portid, u32 seq, u32 flags, int sk_ino)
{ {
...@@ -157,6 +165,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r ...@@ -157,6 +165,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r
if (nla_put_u8(skb, UNIX_DIAG_SHUTDOWN, sk->sk_shutdown)) if (nla_put_u8(skb, UNIX_DIAG_SHUTDOWN, sk->sk_shutdown))
goto out_nlmsg_trim; goto out_nlmsg_trim;
if ((req->udiag_show & UDIAG_SHOW_UID) &&
sk_diag_dump_uid(sk, skb))
goto out_nlmsg_trim;
nlmsg_end(skb, nlh); nlmsg_end(skb, nlh);
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment