1. Patchew
  2. linux
  3. [PATCH 0/5] Process connector bug fixes & enhancements
  4. View patch

[PATCH 4/5] connector/cn_proc: Allow non-root users access

Anjali Kulkarni posted 5 patches 2 years, 6 months ago
There is a newer version of this series
[PATCH 4/5] connector/cn_proc: Allow non-root users access
Posted by Anjali Kulkarni 2 years, 6 months ago 
The patch allows non-root users to receive cn proc connector
notifications, as anyone can normally get process start/exit status from
/proc. The reason for not allowing non-root users to receive multicast
messages is long gone, as described in this thread:
https://linux-kernel.vger.kernel.narkive.com/CpJFcnra/multicast-netlink-for-non-root-process

Also, many other netlink protocols allow non-root users to receive multicast
messages, and there is no reason to discriminate against CONNECTOR.

Reason we need this change is we need to run our DB application as a 
non-root user.

Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
---
 drivers/connector/cn_proc.c   | 7 -------
 drivers/connector/connector.c | 1 +
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index ef3820b43b5c..03ba70f07113 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -376,12 +376,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
 	    !task_is_in_init_pid_ns(current))
 		return;
 
-	/* Can only change if privileged. */
-	if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) {
-		err = EPERM;
-		goto out;
-	}
-
 	if (msg->len == sizeof(mc_op))
 		mc_op = *((enum proc_cn_mcast_op *)msg->data);
 	else
@@ -414,7 +408,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
 		break;
 	}
 
-out:
 	cn_proc_ack(err, msg->seq, msg->ack);
 }
 
diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index 1b7851b1aa0f..136a9f38a063 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -251,6 +251,7 @@ static int cn_init(void)
 {
 	struct cn_dev *dev = &cdev;
 	struct netlink_kernel_cfg cfg = {
+		.flags = NL_CFG_F_NONROOT_RECV,
 		.groups	= CN_NETLINK_USERS + 0xf,
 		.input	= cn_rx_skb,
 	};
-- 
2.39.2
Re: [PATCH 4/5] connector/cn_proc: Allow non-root users access
Posted by Christian Brauner 2 years, 6 months ago 
On Wed, Mar 08, 2023 at 07:19:52PM -0800, Anjali Kulkarni wrote:
> The patch allows non-root users to receive cn proc connector
> notifications, as anyone can normally get process start/exit status from
> /proc. The reason for not allowing non-root users to receive multicast
> messages is long gone, as described in this thread:
> https://linux-kernel.vger.kernel.narkive.com/CpJFcnra/multicast-netlink-for-non-root-process

Sorry that thread is kinda convoluted. Could you please provide a
summary in the commit message and explain why this isn't an issue
anymore?
Re: [PATCH 4/5] connector/cn_proc: Allow non-root users access
Posted by Anjali Kulkarni 2 years, 6 months ago 

________________________________________
From: Christian Brauner <brauner@kernel.org>
Sent: Thursday, March 9, 2023 9:09 AM
To: Anjali Kulkarni
Cc: davem@davemloft.net; edumazet@google.com; kuba@kernel.org; pabeni@redhat.com; zbr@ioremap.net; johannes@sipsolutions.net; ecree.xilinx@gmail.com; leon@kernel.org; keescook@chromium.org; socketcan@hartkopp.net; petrm@nvidia.com; linux-kernel@vger.kernel.org; netdev@vger.kernel.org
Subject: Re: [PATCH 4/5] connector/cn_proc: Allow non-root users access

On Wed, Mar 08, 2023 at 07:19:52PM -0800, Anjali Kulkarni wrote:
> The patch allows non-root users to receive cn proc connector
> notifications, as anyone can normally get process start/exit status from
> /proc. The reason for not allowing non-root users to receive multicast
> messages is long gone, as described in this thread:
> https://urldefense.com/v3/__https://linux-kernel.vger.kernel.narkive.com/CpJFcnra/multicast-netlink-for-non-root-process__;!!ACWV5N9M2RV99hQ!NKjh44Qy5cy18bhIbdhHlHeA1w_i-N5u2PdbQPRTobAEUYW8ZiQ8hkOxaojiLWmq3POJ2k4DaD3CtyC9-C3Cnoo$

Sorry that thread is kinda convoluted. Could you please provide a
summary in the commit message and explain why this isn't an issue
anymore?

ANJALI> Looking into this some more, I think that instead of adding non-root access for all NETLINK_CONNECTOR users by including the flag NL_CFG_F_NONROOT_RECV, we could make this change at an even more fine grained level than protocol level. So I will add a check to enable non-root access only for event notification (cn_proc) user of NETLINK_CONNECTOR, based on the multicast group. Since CONNECTOR is very generic and could be used for varied purposes, a more fine grained approach may be required here. I will send the next patch series with this change.
Re: [PATCH 4/5] connector/cn_proc: Allow non-root users access
Posted by Anjali Kulkarni 2 years, 6 months ago 

________________________________________
From: Christian Brauner <brauner@kernel.org>
Sent: Thursday, March 9, 2023 9:09 AM
To: Anjali Kulkarni
Cc: davem@davemloft.net; edumazet@google.com; kuba@kernel.org; pabeni@redhat.com; zbr@ioremap.net; johannes@sipsolutions.net; ecree.xilinx@gmail.com; leon@kernel.org; keescook@chromium.org; socketcan@hartkopp.net; petrm@nvidia.com; linux-kernel@vger.kernel.org; netdev@vger.kernel.org
Subject: Re: [PATCH 4/5] connector/cn_proc: Allow non-root users access

On Wed, Mar 08, 2023 at 07:19:52PM -0800, Anjali Kulkarni wrote:
> The patch allows non-root users to receive cn proc connector
> notifications, as anyone can normally get process start/exit status from
> /proc. The reason for not allowing non-root users to receive multicast
> messages is long gone, as described in this thread:
> https://urldefense.com/v3/__https://linux-kernel.vger.kernel.narkive.com/CpJFcnra/multicast-netlink-for-non-root-process__;!!ACWV5N9M2RV99hQ!NKjh44Qy5cy18bhIbdhHlHeA1w_i-N5u2PdbQPRTobAEUYW8ZiQ8hkOxaojiLWmq3POJ2k4DaD3CtyC9-C3Cnoo$

Sorry that thread is kinda convoluted. Could you please provide a
summary in the commit message and explain why this isn't an issue
anymore?

ANJALI> Will change commit message as follows:
There were a couple of reasons for not allowing non-root users access initially - one is there was "that at some point there was no proper receive buffer management in place for netlink multicast. But that should be long fixed." according to Andi Kleen & Alexey. Second is that some of the messages may contain data that is root only. But this should be handled with a finer granularity, which is being done at the protocol layer.  The only problematic protocols are nf_queue and the firewall netlink, according to Andi. Hence, this restriction for non-root access was relaxed for rtnetlink initially (and subsequently for other protocols as well):
https://lore.kernel.org/all/20020612013101.A22399@wotan.suse.de/
Since process connector messages are not sensitive (process fork, exit notifications etc.), and anyone can read /proc data, we can allow non-root access here too. Reason we need this change is we cannot run our DB application as root.

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.