On Wed, 2015-12-16 at 14:55 -0500, Jamal Hadi Salim wrote: > On 15-12-16 10:50 AM, Eric Dumazet wrote: > > On Wed, 2015-12-16 at 07:43 -0800, Stephen Hemminger wrote: > > > >> > >> I see no security checks in the diag infrastructure. > >> Up until now diag has been read-only access and therefore has been > >> allowed for all users. > > > > It is still allowed to all users. > > > > Only the 'destroy' operation is restricted. > > The question i had was the opposite when i saw this: why are > regular users allowed to read admin (and any other users) details?;-> > On this specific feature: why, as a regular user, I cant close > connections attributed to me (and have to use CAP_NET_ADMIN)?
I guess that we need to be careful here. socket can be shared by fd passing to multiple users. Who really owns it ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
