On Wed, Oct 25, 2017 at 06:37:16AM -0700, Eric Dumazet wrote:
> On Wed, 2017-10-25 at 00:17 -0700, Andrei Vagin wrote:
> > socket_diag shows information only about sockets from a namespace where
> > a diag socket lives.
> >
> > But if we request information about one unix socket, the kernel don't
> > check that its netns is matched with a diag socket namespace, so any
> > user can get information about any unix socket in a system. This looks
> > like a bug.
>
> Then if this a bug please provide a Fixes: tag
>
> This way, we can know exact cutoff for backports.
>
> I suspect that would be
>
> Fixes: 51d7cccf0723 ("net: make sock diag per-namespace")
Thank you, Eric. It's my fault, I forgot to add it.
>
> Thanks.
>
>
