On 08/12/2015 03:43 PM, ira.weiny wrote: > On Mon, Aug 10, 2015 at 10:46:55PM -0400, [email protected] wrote: >> From: Ira Weiny <[email protected]> >> >> The recently added SA Netlink service requires admin privileges to receive >> kernel requests. This is only partially sufficient to protect the kernel >> from >> malicious users. This patch fixes two issues. >> >> 1) Path responses from user space could be spoofed if the sequence >> number was properly guessed. >> 2) The set timeout request message could be issued by any user. >> >> Ignore these messages if not submitted by an admin user. >> >> Fixes: 6619209af36c ("IB/sa: Route SA pathrecord query through netlink") >> Signed-off-by: Ira Weiny <[email protected]> >> >> --- >> Changes from V1: >> Use netlink_net_capable rather than ns_capable > > Doug, > > As per the thread with the V1 patch we are looking to merge this into a v9 of > Kaikes series once we do some more testing with the netlink_bind and > namespaces. > > So you can safely ignore both v1 and this patch.
Ok. -- Doug Ledford <[email protected]> GPG KeyID: 0E572FDD
signature.asc
Description: OpenPGP digital signature
