We should get rid of Netlink. #75
-- For the most part, at least.
Here's the background:
Which means that any user can wreck the NAT64's traffic.
Netlink is fine for querying the module (for the BIB and session databases and such), but anything configuration-related would be best left for sysctls and whatnot.
I'm tagging this as non-critical because people can work around it by not giving untrusted users access to the translator machine. As far as security goes however, it sounds quite unacceptable.
According to the RFC
" Netlink lives in a trusted environment of a single host separated by
Netlink itself can handle security policies on the kernel module, with the struct genl_ops for example.
libnl, I think this is the one you're using... has some authentication functionality with nl_socket_set_passcred.
What I'm trying to say is that you guys need to be correctly validating the origin of Netlink messages. You need to secure your code and not expect it to be secure by itself.
If changing to sysctls already provides security controls for you then go ahead.
Just my 2 cents
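
The split discussed in this thread (database queries open to any user, configuration changes restricted) as an added example, not code from the project or from either poster. It is a user-space model of the check the kernel's generic netlink core applies when a `struct genl_ops` entry sets `GENL_ADMIN_PERM`, which rejects the message unless the sender has `CAP_NET_ADMIN`; the command names, `struct sender` and `dispatch` are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model of a per-command permission flag (the kernel's own is GENL_ADMIN_PERM). */
#define OP_ADMIN_PERM 0x01

/* Hypothetical commands: two database queries, two configuration changes. */
enum { CMD_BIB_SHOW, CMD_SESSION_SHOW, CMD_POOL_ADD, CMD_GLOBAL_SET };

/* Stands in for the kernel's capability check on the sending socket. */
struct sender { bool has_net_admin; };

struct op { int cmd; unsigned int flags; int (*doit)(int *config); };

static int query(int *config)  { (void)config; return 0; }  /* read-only */
static int change(int *config) { (*config)++;  return 0; }  /* alters state */

static const struct op ops[] = {
    { CMD_BIB_SHOW,     0,             query  },
    { CMD_SESSION_SHOW, 0,             query  },
    { CMD_POOL_ADD,     OP_ADMIN_PERM, change },
    { CMD_GLOBAL_SET,   OP_ADMIN_PERM, change },
};

/* The permission check runs before the handler, so a rejected sender
 * never reaches the code that touches the configuration. */
int dispatch(const struct sender *from, int cmd, int *config)
{
    for (size_t i = 0; i < sizeof(ops) / sizeof(ops[0]); i++) {
        if (ops[i].cmd != cmd)
            continue;
        if ((ops[i].flags & OP_ADMIN_PERM) && !from->has_net_admin)
            return -EPERM;
        return ops[i].doit(config);
    }
    return -EOPNOTSUPP; /* unknown command */
}

int main(void)
{
    struct sender user = { false }, admin = { true };
    int config = 0;
    printf("user query:   %d\n", dispatch(&user, CMD_BIB_SHOW, &config));
    printf("user config:  %d\n", dispatch(&user, CMD_POOL_ADD, &config));
    printf("admin config: %d\n", dispatch(&admin, CMD_POOL_ADD, &config));
    return 0;
}
```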