Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4383745pxb; Tue, 2 Mar 2021 13:54:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJyqXuk4/ID6MWDq9Y+b2WkA5yLImvHCoEUP3sydFVBm84Ypu4U0Z8p4njNT6JAChhY4/xKW X-Received: by 2002:a17:906:7797:: with SMTP id s23mr12337464ejm.98.1614722048340; Tue, 02 Mar 2021 13:54:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614722048; cv=none; d=google.com; s=arc-20160816; b=DeQZ4tP6jwoULI5U8PeFNwC1+iP/UTjVdaf8q2RtSt0Zh87/M0D++J2ZXo7HtEqKyF 7H1Ms4fnHm2e4Q0MU2wOG0m65KQHkmWZfd88ejqdpLi5HQZwdox8rdutz+67D/fgggp1 pep9fT0xJij2ovQhi1o+emFcNaP+vVfGhCDXsEectWpFEhq3dayRyqPiIVWIS0eKkzf7 YIVU3ikqieh4snZT9pWQdwY3UnwxkOklgD8hWtUGkex6USQUMJgyxUfeI42gIxz6/L/6 NyElM3G0UXyMKja/tlfBHdSpGjmyI60svLy0HC3fbkGQDMgzCslTQYG3zBQGMP8ftX1p VTZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=eD8rSYa5i1aNTxkcJsQCeJkUi+zmwtUPXwgP4QyvWYg=; b=Kc24hvdH+dIYMJbAX2O+dG9BLPVq7RA8ZNcnBCzDW9eWx84KC5NvFYZWr9C7L7lSzJ zI05Ft2Hph/2TBFoibtdm73X0Hb6oVt2Go8iimtHD/OoriIiiJSb10ZDcB8H6+ZLuJ3P Ge7DWTorwx/QX2MOLfW7KSsKl2COJOP/n5LSc5w3dUnWmQ8l2mgYKbhL57/R6mmR+h4e JPAlD3VW+Jspczuwcc6LeopN2F5r80LSRiUUY7F5jlESOFQyGKSuBVO2EgVV3uqkMUIj JeB4b8lzQnWqFpZQO5ZVuRNckZttpP0Ujtu9ULgFnaFAsDh/wOOIBQiwo9ynIx8eMH4p /0yQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j21si13466170edh.58.2021.03.02.13.53.45; Tue, 02 Mar 2021 13:54:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1380083AbhCBKaw (ORCPT + 99 others); Tue, 2 Mar 2021 05:30:52 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:48520 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1382771AbhCBKPE (ORCPT ); Tue, 2 Mar 2021 05:15:04 -0500 Received: from ip5f5af0a0.dynamic.kabel-deutschland.de ([95.90.240.160] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lH22Y-0003K9-EC; Tue, 02 Mar 2021 10:14:06 +0000 Date: Tue, 2 Mar 2021 11:14:04 +0100 From: Christian Brauner To: Lorenz Bauer Cc: Alexander Viro , "David S. Miller" , Jakub Kicinski , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , kernel-team , Linux API , linux-fsdevel@vger.kernel.org, LKML , Networking , bpf Subject: Re: [PATCH bpf 2/4] nsfs: add an ioctl to discover the network namespace cookie Message-ID: <20210302101404.ns3t7oow4a565l7a@wittgenstein> References: <20210210120425.53438-1-lmb@cloudflare.com> <20210210120425.53438-3-lmb@cloudflare.com> <20210301100420.slnjvzql6el4jlfj@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 02, 2021 at 09:47:10AM +0000, Lorenz Bauer wrote: > On Mon, 1 Mar 2021 at 10:04, Christian Brauner > wrote: > > > > Hey Lorenz, > > > > Just to make sure: is it intentional that any user can retrieve the > > cookie associated with any network namespace, i.e. you don't require any > > form of permission checking in the owning user namespace of the network > > namespace? > > > > Christian > > Hi Christian, > > I've decided to drop the patch set for now, but that was my intention, yes. Is > there a downside I'm not aware of? It depends on whether this cookie is in any way security or at least information sensitive. For example, would leaking it between unprivileged containers with different user+network namespace pairs allow one container to gain access to information about the other container that it shouldn't. Christian