From: Patrick McHardy <kaber@trash•net>
To: Urs Thuermann <urs@isnogud•escape.de>
Cc: netdev@vger•kernel.org, David Miller <davem@davemloft•net>,
Thomas Gleixner <tglx@linutronix•de>,
Oliver Hartkopp <oliver@hartkopp•net>,
Oliver Hartkopp <oliver.hartkopp@volkswagen•de>
Subject: Re: [PATCH 3/7] CAN: Add raw protocol
Date: Sat, 22 Sep 2007 13:02:45 +0200 [thread overview]
Message-ID: <46F4F655.5000009@trash.net> (raw)
In-Reply-To: <ygfvea3u3u2.fsf@janus.isnogud.escape.de>
Urs Thuermann wrote:
> Patrick McHardy <kaber@trash•net> writes:
>>
>>>+config CAN_RAW_USER
>>>+ bool "Allow non-root users to access Raw CAN Protocol sockets"
>>
>>
>>If you plan to remove this option, it should happen before merging
>>since it affects userspace visible behaviour.
>
>
> We have discussed this and have come to the conclusion that we should
> remove permission checks completely, i.e. any user can open any CAN
> socket (raw, bcm, or whatever will be implemented in the future).
> This is because CAN is a pure broadcast network with no addresses.
> CAN frames can't be directed to only one machine or a group or to only
> one process (say one port). There is no communication between only
> two (or some number) of stations which must be protected from other
> stations.
>
> On the other hand, requiring a process to have CAP_NET_RAW to open a
> CAN socket would mean that such process would also be able to sniff on
> your ethernet or WLAN interfaces, which one probably wouldn't want.
>
> We have added that check when we still allowed the CAN raw socket to
> bind to any interface and we didn't want an unprivileged process to be
> able to read all e.g. TCP/IP traffic. Now binding is restricted to
> ARPHRD_CAN interfaces. But even without this restriction the check is
> not necessary, since all CAN sockets can only receive and send
> ETH_P_CAN packets. So even if there would be an encapsulation of CAN
> frames over ethernet or some other type of network, a normal user
> process opening a CAN socket would only be able to read/write CAN
> traffic, which should be OK without any special capability.
>
> So what do you think about this?
I believe that should be fine.
next prev parent reply other threads:[~2007-09-22 11:10 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-20 18:43 [PATCH 0/7] CAN: Add new PF_CAN protocol family, try #7 Urs Thuermann
2007-09-20 18:43 ` [PATCH 1/7] CAN: Allocate protocol numbers for PF_CAN Urs Thuermann
2007-09-20 18:43 ` [PATCH 2/7] CAN: Add PF_CAN core module Urs Thuermann
2007-09-20 20:06 ` Joe Perches
2007-09-20 20:27 ` Thomas Gleixner
2007-09-21 10:35 ` Urs Thuermann
2007-09-21 16:58 ` Joe Perches
2007-09-24 19:23 ` Urs Thuermann
2007-09-21 12:47 ` Patrick McHardy
2007-09-21 18:01 ` Urs Thuermann
2007-09-22 10:53 ` Patrick McHardy
2007-09-20 18:43 ` [PATCH 3/7] CAN: Add raw protocol Urs Thuermann
2007-09-21 12:49 ` Patrick McHardy
2007-09-21 21:05 ` Urs Thuermann
2007-09-22 11:02 ` Patrick McHardy [this message]
2007-09-20 18:43 ` [PATCH 4/7] CAN: Add broadcast manager (bcm) protocol Urs Thuermann
2007-09-20 18:43 ` [PATCH 5/7] CAN: Add virtual CAN netdevice driver Urs Thuermann
2007-09-27 15:54 ` Eric W. Biederman
2007-09-27 16:16 ` Eric W. Biederman
2007-09-27 19:18 ` David Miller
2007-09-28 8:48 ` Oliver Hartkopp
2007-09-28 16:52 ` Eric W. Biederman
2007-09-28 18:33 ` Oliver Hartkopp
2007-09-20 18:43 ` [PATCH 6/7] CAN: Add maintainer entries Urs Thuermann
2007-09-20 18:43 ` [PATCH 7/7] CAN: Add documentation Urs Thuermann
-- strict thread matches above, loose matches on Subject: below --
2007-11-16 15:02 [PATCH 0/7] CAN: New PF_CAN protocol family for 2.6.25, update Urs Thuermann
2007-11-16 15:02 ` [PATCH 3/7] CAN: Add raw protocol Urs Thuermann
2007-11-14 12:13 [PATCH 0/7] CAN: New PF_CAN protocol family for 2.6.25 Urs Thuermann
2007-11-14 12:13 ` [PATCH 3/7] CAN: Add raw protocol Urs Thuermann
2007-10-05 10:49 [PATCH 0/7] CAN: Add new PF_CAN protocol family, try #10 Urs Thuermann
2007-10-05 10:49 ` [PATCH 3/7] CAN: Add raw protocol Urs Thuermann
2007-10-02 13:10 [PATCH 0/7] CAN: Add new PF_CAN protocol family, try #9 Urs Thuermann
2007-10-02 13:10 ` [PATCH 3/7] CAN: Add raw protocol Urs Thuermann
2007-10-02 14:30 ` Arnaldo Carvalho de Melo
2007-10-02 14:53 ` Oliver Hartkopp
2007-10-04 11:52 ` Urs Thuermann
2007-09-25 12:20 [PATCH 0/7] CAN: Add new PF_CAN protocol family, try #8 Urs Thuermann
2007-09-25 12:20 ` [PATCH 3/7] CAN: Add raw protocol Urs Thuermann
2007-09-17 10:03 [PATCH 0/7] CAN: Add new PF_CAN protocol family, try #6 Urs Thuermann
2007-09-17 10:03 ` [PATCH 3/7] CAN: Add raw protocol Urs Thuermann
2007-09-18 14:13 ` Patrick McHardy
2007-09-18 21:49 ` Urs Thuermann
2007-09-19 8:34 ` Patrick McHardy
2007-08-04 2:06 [patch 0/7] CAN: Add new PF_CAN protocol family, try #5 Urs Thuermann
2007-08-04 2:07 ` [patch 3/7] CAN: Add raw protocol Urs Thuermann
2007-06-22 3:44 [patch 0/7] CAN: Add new PF_CAN protocol family, try #3 Urs Thuermann
2007-06-22 3:44 ` [patch 3/7] CAN: Add raw protocol Urs Thuermann
2007-05-30 13:11 [patch 0/7] CAN: Add new PF_CAN protocol family, update Urs Thuermann
2007-05-30 13:11 ` [patch 3/7] CAN: Add raw protocol Urs Thuermann
2007-05-16 14:51 [patch 0/7] CAN: Add new PF_CAN protocol family Urs Thuermann
2007-05-16 14:51 ` [patch 3/7] CAN: Add raw protocol Urs Thuermann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46F4F655.5000009@trash.net \
--to=kaber@trash$(echo .)net \
--cc=davem@davemloft$(echo .)net \
--cc=netdev@vger$(echo .)kernel.org \
--cc=oliver.hartkopp@volkswagen$(echo .)de \
--cc=oliver@hartkopp$(echo .)net \
--cc=tglx@linutronix$(echo .)de \
--cc=urs@isnogud$(echo .)escape.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox