Ticket #820 (closed defect: fixed)

Opened 11 years ago

Last modified 8 years ago

debathena-metrics should only accept messages from the kernel

Reported by: nelhage
Owned by:
Priority: low
Milestone: The Distant Future
Component: --
Keywords:
Cc:
Fixed in version:
Upstream bug:

Description

Since auditing for this seems to be my thing lately....

Any process can send a netlink message to any other userspace netlink socket on
the system, so users can fake arbitrary proc-connector events. You need to
verify the sender was actually the kernel by checking the pid on the received
address.

You probably don't really care for debathena-metrics, but the connector code is
written to be generic, so we might as well fix it lest someone else grab it for
another purpose.

diff --git a/debathena/metrics/connector.pyx b/debathena/metrics/connector.pyx
index 5900556..1f0c44d 100644
--- a/debathena/metrics/connector.pyx
+++ b/debathena/metrics/connector.pyx
@@ -270,14 +270,16 @@ cdef class Connector:
        cdef proc_event *ev
        cdef object ret

-        from_addr.nl_family = AF_NETLINK
-        from_addr.nl_groups = CN_IDX_PROC
-        from_addr.nl_pid = 1
        s = sizeof(from_addr)

-        if recvfrom(self.sock, buf, sizeof(buf), 0,
-                    <sockaddr *>&from_addr, &s) == -1:
-            raise IOError(errno, strerror(errno))
+        while True:
+            if recvfrom(self.sock, buf, sizeof(buf), 0,
+                        <sockaddr *>&from_addr, &s) == -1:
+                raise IOError(errno, strerror(errno))
+
+            if from_addr.nl_pid != 0:
+                # Ignore messages that don't come from the kernel
+                continue
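
Review bot: `s = sizeof(from_addr)` is still assigned once above the new `while True:` loop, but `recvfrom` treats that argument as in/out and overwrites it with the length of the address it stored, so after a discarded message the next call starts from whatever the previous call left there. Move the assignment inside the loop. Since the patch also drops the lines that pre-filled `from_addr`, it is worth checking that the returned `s` equals `sizeof(from_addr)` and that `nl_family` is `AF_NETLINK` before trusting `from_addr.nl_pid`. A comment stating that pid 0 is the kernel's netlink address would also help anyone reusing this generic connector code.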

Change History

comment:1 Changed 8 years ago by jdreed

  • Status changed from new to closed
  • Resolution set to fixed

geofft apparently committed this back in 2011 as metrics:077cee23
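
The sender check the ticket description asks for, as an added example in plain Python that is not part of the ticket or of the debathena code. It goes slightly beyond the patch by also validating the connector framing and bounding the discard loop; `FakeNetlinkSocket`, `build_message`, `demo`, the `max_discard` limit and the sample frames are constructed for illustration so the block runs offline.

```python
import struct

# Values and layouts from <linux/netlink.h>, <linux/connector.h>, <linux/cn_proc.h>.
KERNEL_PID = 0                            # nl_pid of a kernel-originated message
CN_IDX_PROC = CN_VAL_PROC = 1
NLMSG_DONE = 3
NLMSG_HDR = struct.Struct("=IHHII")       # nlmsghdr: len, type, flags, seq, pid
CN_MSG_HDR = struct.Struct("=IIIIHH")     # cn_msg: idx, val, seq, ack, len, flags
PROC_EVENT_HDR = struct.Struct("=IIQ")    # proc_event: what, cpu, timestamp_ns
EVENT_OFFSET = NLMSG_HDR.size + CN_MSG_HDR.size

def parse_proc_event(data):
    """Return the proc_event header as a dict, or None if the framing is wrong."""
    if len(data) < EVENT_OFFSET + PROC_EVENT_HDR.size:
        return None
    idx, val, _seq, _ack, length, _flags = CN_MSG_HDR.unpack_from(data, NLMSG_HDR.size)
    if (idx, val) != (CN_IDX_PROC, CN_VAL_PROC) or length < PROC_EVENT_HDR.size:
        return None
    what, cpu, ts = PROC_EVENT_HDR.unpack_from(data, EVENT_OFFSET)
    return {"what": what, "cpu": cpu, "timestamp_ns": ts}

def recv_proc_event(sock, bufsize=4096, max_discard=64):
    """Return (event, discarded) for the next event whose sender pid is 0."""
    discarded = 0
    while discarded < max_discard:
        # For AF_NETLINK, Python reports the sender address as (pid, groups).
        data, (sender_pid, _groups) = sock.recvfrom(bufsize)
        # A payload from a userspace sender is never parsed.
        event = parse_proc_event(data) if sender_pid == KERNEL_PID else None
        if event is not None:
            return event, discarded
        discarded += 1                    # userspace sender or malformed frame
    raise RuntimeError("discarded %d messages without a kernel event" % discarded)

class FakeNetlinkSocket:                  # hypothetical stand-in, runs offline
    def __init__(self, queue):
        self.queue = list(queue)
    def recvfrom(self, bufsize):
        return self.queue.pop(0)

def build_message(what, cpu=0, ts=0):     # constructed sample frame
    body = PROC_EVENT_HDR.pack(what, cpu, ts)
    cn = CN_MSG_HDR.pack(CN_IDX_PROC, CN_VAL_PROC, 0, 0, len(body), 0)
    total = NLMSG_HDR.size + len(cn) + len(body)
    return NLMSG_HDR.pack(total, NLMSG_DONE, 0, 0, 0) + cn + body

def demo():
    fork, exec_ = 0x1, 0x2                # PROC_EVENT_FORK, PROC_EVENT_EXEC
    sock = FakeNetlinkSocket([
        (build_message(exec_), (4242, 0)),                               # local process
        (build_message(fork, cpu=1, ts=99), (KERNEL_PID, CN_IDX_PROC)),  # kernel
    ])
    return recv_proc_event(sock)
```

With a real socket, `sock` would be a `socket.socket(socket.AF_NETLINK, socket.SOCK_DGRAM, NETLINK_CONNECTOR)` bound to the `CN_IDX_PROC` group; the discard count gives the caller something to log when local processes are injecting frames.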
