On Wed, Oct 25, 2017 at 06:37:16AM -0700, Eric Dumazet wrote:
> On Wed, 2017-10-25 at 00:17 -0700, Andrei Vagin wrote:
> > socket_diag shows information only about sockets from a namespace where
> > a diag socket lives.
> >
> > But if we request information about one unix socket, the kernel don't
On Wed, 2017-10-25 at 00:17 -0700, Andrei Vagin wrote:
> socket_diag shows information only about sockets from a namespace where
> a diag socket lives.
>
> But if we request information about one unix socket, the kernel don't
> check that its netns is matched with a diag socket namespace, so any
>
socket_diag shows information only about sockets from a namespace where
a diag socket lives.
But if we request information about one unix socket, the kernel don't
check that its netns is matched with a diag socket namespace, so any
user can get information about any unix socket in a system. This l
