https://bugzilla.novell.com/show_bug.cgi?id=754611

https://bugzilla.novell.com/show_bug.cgi?id=754611#c0

Summary: Netlink and raw packet inconsistencies or obsolete man pages?
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: All
OS/Version: openSUSE 12.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
AssignedTo: kernel-maintainers@forge.provo.novell.com
ReportedBy: nt1277@gmail.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2

man 7 netlink states that:
"Only processes with an effective UID of 0 or the CAP_NET_ADMIN capability may send or listen to a netlink multicast group."

In addition man 7 capabilities states that:
"CAP_NET_RAW Use RAW and PACKET sockets."

Despite these statements I was able to run the following code without getting any access denied type error messages:

################################
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <unistd.h>

int filedes;
/* fields: nl_family, nl_pad, nl_pid, nl_groups */
struct sockaddr_nl nladdr={AF_NETLINK,0,0,0};

int main(int argc, char *argv[], char *envp[])
{
    /* use our own process id as the netlink port id */
    nladdr.nl_pid=getpid();
    /* return values are not checked here; they are read from strace */
    filedes=socket(AF_NETLINK, SOCK_RAW, NETLINK_KOBJECT_UEVENT);
    bind(filedes,(struct sockaddr*)&nladdr,sizeof(nladdr));
    close(filedes);
    return 0;
}
################################

Sorry for not testing if I can actually send or receive raw multicast netlink packages, this is because I'm not a programmer actually.

The code above could be run without any problem on openSUSE 12.1's standard kernel and on a vanilla 2.6.32.49.

Is it a bug or is it intentional (and then man pages are outdated)? In the latter case what protects the udev subsystem for example?

Reproducible: Always

Steps to Reproduce:
1. Compile the code above
2. Strace it and see what return values you are getting

Actual Results:
The kernel lets ordinary users create a raw netlink socket with multipath bitmaps enabled.

Expected Results:
According to the mentioned manpages it probably should prohibit it instead.
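Added example, not the reporter's code: the same socket()/bind() sequence with each return value captured and with nl_groups passed as a parameter, so a bind that requests a multicast group (the case the quoted man 7 netlink sentence is about) can be compared with the nl_groups=0 bind used in the report. The names probe_netlink, struct nl_probe and report are made up for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <unistd.h>

/* Constructed for this example: first step that failed and its errno. */
enum nl_stage { NL_OK = 0, NL_SOCKET_FAILED, NL_BIND_FAILED };
struct nl_probe { enum nl_stage stage; int err; };

/* Open a raw netlink socket for `protocol` and bind it with the given
 * multicast group bitmask (0 = no group, bit 0 = group 1). */
struct nl_probe probe_netlink(int protocol, unsigned int groups)
{
    struct nl_probe r = { NL_OK, 0 };
    /* nl_pid stays 0 so the kernel assigns the port id */
    struct sockaddr_nl addr = { .nl_family = AF_NETLINK, .nl_groups = groups };
    int fd = socket(AF_NETLINK, SOCK_RAW, protocol);

    if (fd < 0) {
        r.stage = NL_SOCKET_FAILED;
        r.err = errno;
        return r;
    }
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        r.stage = NL_BIND_FAILED;
        r.err = errno;   /* EPERM here means the group needs privilege */
    }
    close(fd);
    return r;
}

static void report(const char *label, struct nl_probe r)
{
    static const char *names[] = { "ok", "socket() failed", "bind() failed" };
    printf("%-22s %s%s%s\n", label, names[r.stage],
           r.err ? ": " : "", r.err ? strerror(r.err) : "");
}

int main(void)
{
    report("uevent, nl_groups=0", probe_netlink(NETLINK_KOBJECT_UEVENT, 0));
    report("uevent, nl_groups=1", probe_netlink(NETLINK_KOBJECT_UEVENT, 1));
    return 0;
}
```

Run it as the ordinary user whose access is in question; the two lines show separately whether the plain bind and the multicast-group bind are refused.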