Re: [PATCH 4/5] connector/cn_proc: Allow non-root users access
From: Anjali Kulkarni <hidden>
Date: 2023-03-09 21:59:50
Also in:
lkml
________________________________________ From: Christian Brauner <brauner@kernel.org> Sent: Thursday, March 9, 2023 9:09 AM To: Anjali Kulkarni Cc: davem@davemloft.net; edumazet@google.com; kuba@kernel.org; pabeni@redhat.com; zbr@ioremap.net; johannes@sipsolutions.net; ecree.xilinx@gmail.com; leon@kernel.org; keescook@chromium.org; socketcan@hartkopp.net; petrm@nvidia.com; linux-kernel@vger.kernel.org; netdev@vger.kernel.org Subject: Re: [PATCH 4/5] connector/cn_proc: Allow non-root users access On Wed, Mar 08, 2023 at 07:19:52PM -0800, Anjali Kulkarni wrote:
The patch allows non-root users to receive cn proc connector notifications, as anyone can normally get process start/exit status from /proc. The reason for not allowing non-root users to receive multicast messages is long gone, as described in this thread: https://urldefense.com/v3/__https://linux-kernel.vger.kernel.narkive.com/CpJFcnra/multicast-netlink-for-non-root-process__;!!ACWV5N9M2RV99hQ!NKjh44Qy5cy18bhIbdhHlHeA1w_i-N5u2PdbQPRTobAEUYW8ZiQ8hkOxaojiLWmq3POJ2k4DaD3CtyC9-C3Cnoo$
Sorry that thread is kinda convoluted. Could you please provide a summary in the commit message and explain why this isn't an issue anymore? ANJALI> Will change commit message as follows: There were a couple of reasons for not allowing non-root users access initially - one is there was "that at some point there was no proper receive buffer management in place for netlink multicast. But that should be long fixed." according to Andi Kleen & Alexey. Second is that some of the messages may contain data that is root only. But this should be handled with a finer granularity, which is being done at the protocol layer. The only problematic protocols are nf_queue and the firewall netlink, according to Andi. Hence, this restriction for non-root access was relaxed for rtnetlink initially (and subsequently for other protocols as well): https://lore.kernel.org/all/20020612013101.A22399@wotan.suse.de/ (local) Since process connector messages are not sensitive (process fork, exit notifications etc.), and anyone can read /proc data, we can allow non-root access here too. Reason we need this change is we cannot run our DB application as root.