Ticket #820 (closed defect: fixed)
debathena-metrics should only accept messages from the kernel
Reported by: | nelhage | Owned by: | |
---|---|---|---|
Priority: | low | Milestone: | The Distant Future |
Component: | -- | Keywords: | |
Cc: | | Fixed in version: | |
Upstream bug: | | | |
Description
Since auditing for this seems to be my thing lately....
Any process can send a netlink message to any other userspace netlink socket on
the system, so users can fake arbitrary proc-connector events. You need to
verify the sender was actually the kernel by checking the pid on the received
address.
You probably don't really care for debathena-metrics, but the connector code is
written to be generic, so we might as well fix it lest someone else grab it for
another purpose.
diff --git a/debathena/metrics/connector.pyx b/debathena/metrics/connector.pyx index 5900556..1f0c44d 100644 --- a/debathena/metrics/connector.pyx +++ b/debathena/metrics/connector.pyx @@ -270,14 +270,16 @@ cdef class Connector: cdef proc_event *ev cdef object ret - from_addr.nl_family = AF_NETLINK - from_addr.nl_groups = CN_IDX_PROC - from_addr.nl_pid = 1 s = sizeof(from_addr) - if recvfrom(self.sock, buf, sizeof(buf), 0, - <sockaddr *>&from_addr, &s) == -1: - raise IOError(errno, strerror(errno)) + while True: + if recvfrom(self.sock, buf, sizeof(buf), 0, + <sockaddr *>&from_addr, &s) == -1: + raise IOError(errno, strerror(errno)) + + if from_addr.nl_pid != 0: + # Ignore messages that don't come from the kernel + continue
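Review bot: s is set to sizeof(from_addr) once, before the new while True loop, but recvfrom() treats that argument as value-result and overwrites it on every call, so the assignment should move inside the loop so each iteration starts with the full buffer length. With the three from_addr.nl_* initialisers removed, the nl_pid test depends entirely on what recvfrom() wrote, so it is worth also checking that s equals sizeof(from_addr) and that nl_family is AF_NETLINK before trusting nl_pid. The visible lines end at the continue, so please confirm the accepted path falls through to a break or return rather than looping back into recvfrom().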
Change History
geofft apparently committed this back in 2011 as metrics:077cee23
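The sender check the ticket asks for, as an added Python example (not code from the ticket or from debathena-metrics): a datagram is accepted only when the netlink address reported by recvfrom() has pid 0, whatever the message header claims. FakeNetlinkSocket, nlmsg, demo and the sample traffic are constructed for illustration; a real caller would pass a bound socket.socket(socket.AF_NETLINK, ...) instead.

```python
import struct
from collections import deque, namedtuple

# struct nlmsghdr: nlmsg_len, nlmsg_type, nlmsg_flags, nlmsg_seq, nlmsg_pid
NLMSGHDR = struct.Struct("=IHHII")
KERNEL_PID = 0   # netlink port ID of the kernel
NLMSG_DONE = 3
Message = namedtuple("Message", "msg_type seq payload dropped")


def recv_from_kernel(sock, bufsize=4096):
    """Block until a well-formed netlink message arrives from the kernel."""
    dropped = 0
    while True:
        # Python reports an AF_NETLINK peer address as (pid, groups).
        data, (sender_pid, _groups) = sock.recvfrom(bufsize)
        # Decide on the address the kernel attached at receive time;
        # nlmsg_pid inside the header is written by the sender itself.
        if sender_pid == KERNEL_PID and len(data) >= NLMSGHDR.size:
            length, mtype, _flags, seq, _hdr_pid = NLMSGHDR.unpack_from(data)
            if NLMSGHDR.size <= length <= len(data):
                return Message(mtype, seq, data[NLMSGHDR.size:length], dropped)
        dropped += 1  # count rejects so the caller can log or alert


class FakeNetlinkSocket:  # constructed stand-in for an AF_NETLINK socket
    def __init__(self, datagrams):
        self.queue = deque(datagrams)

    def recvfrom(self, bufsize):
        data, addr = self.queue.popleft()
        return data[:bufsize], addr


def nlmsg(payload, seq, hdr_pid):
    size = NLMSGHDR.size + len(payload)
    return NLMSGHDR.pack(size, NLMSG_DONE, 0, seq, hdr_pid) + payload


def demo():
    # Constructed sample traffic: (datagram, (sender pid, groups)).
    traffic = [
        (nlmsg(b"forged", 1, hdr_pid=0), (4242, 0)),  # header claims kernel
        (b"\x00" * 4, (0, 1)),                        # truncated header
        (nlmsg(b"genuine", 2, hdr_pid=0), (0, 1)),    # kernel, proc group
    ]
    return recv_from_kernel(FakeNetlinkSocket(traffic))


if __name__ == "__main__":
    print(demo())
```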