)]}' { "log": [ { "commit": "644473e9c60c1ff4f6351fed637a6e5551e3dce7", "tree": "10316518bedc735a2c6552886658d69dfd9f1eb0", "parents": [ "fb827ec68446c83e9e8754fa9b55aed27ecc4661", "4b06a81f1daee668fbd6de85557bfb36dd36078f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed May 23 17:42:39 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed May 23 17:42:39 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace\n\nPull user namespace enhancements from Eric Biederman:\n \"This is a course correction for the user namespace, so that we can\n reach an inexpensive, maintainable, and reasonably complete\n implementation.\n\n Highlights:\n - Config guards make it impossible to enable the user namespace and\n code that has not been converted to be user namespace safe.\n\n - Use of the new kuid_t type ensures the if you somehow get past the\n config guards the kernel will encounter type errors if you enable\n user namespaces and attempt to compile in code whose permission\n checks have not been updated to be user namespace safe.\n\n - All uids from child user namespaces are mapped into the initial\n user namespace before they are processed. Removing the need to add\n an additional check to see if the user namespace of the compared\n uids remains the same.\n\n - With the user namespaces compiled out the performance is as good or\n better than it is today.\n\n - For most operations absolutely nothing changes performance or\n operationally with the user namespace enabled.\n\n - The worst case performance I could come up with was timing 1\n billion cache cold stat operations with the user namespace code\n enabled. This went from 156s to 164s on my laptop (or 156ns to\n 164ns per stat operation).\n\n - (uid_t)-1 and (gid_t)-1 are reserved as an internal error value.\n Most uid/gid setting system calls treat these value specially\n anyway so attempting to use -1 as a uid would likely cause\n entertaining failures in userspace.\n\n - If setuid is called with a uid that can not be mapped setuid fails.\n I have looked at sendmail, login, ssh and every other program I\n could think of that would call setuid and they all check for and\n handle the case where setuid fails.\n\n - If stat or a similar system call is called from a context in which\n we can not map a uid we lie and return overflowuid. The LFS\n experience suggests not lying and returning an error code might be\n better, but the historical precedent with uids is different and I\n can not think of anything that would break by lying about a uid we\n can\u0027t map.\n\n - Capabilities are localized to the current user namespace making it\n safe to give the initial user in a user namespace all capabilities.\n\n My git tree covers all of the modifications needed to convert the core\n kernel and enough changes to make a system bootable to runlevel 1.\"\n\nFix up trivial conflicts due to nearby independent changes in fs/stat.c\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (46 commits)\n userns: Silence silly gcc warning.\n cred: use correct cred accessor with regards to rcu read lock\n userns: Convert the move_pages, and migrate_pages permission checks to use uid_eq\n userns: Convert cgroup permission checks to use uid_eq\n userns: Convert tmpfs to use kuid and kgid where appropriate\n userns: Convert sysfs to use kgid/kuid where appropriate\n userns: Convert sysctl permission checks to use kuid and kgids.\n userns: Convert proc to use kuid/kgid where appropriate\n userns: Convert ext4 to user kuid/kgid where appropriate\n userns: Convert ext3 to use kuid/kgid where appropriate\n userns: Convert ext2 to use kuid/kgid where appropriate.\n userns: Convert devpts to use kuid/kgid where appropriate\n userns: Convert binary formats to use kuid/kgid where appropriate\n userns: Add negative depends on entries to avoid building code that is userns unsafe\n userns: signal remove unnecessary map_cred_ns\n userns: Teach inode_capable to understand inodes whose uids map to other namespaces.\n userns: Fail exec for suid and sgid binaries with ids outside our user namespace.\n userns: Convert stat to return values mapped from kuids and kgids\n userns: Convert user specfied uids and gids in chown into kuids and kgid\n userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs\n ...\n" }, { "commit": "ae2975bc3476243b45a1e2344236d7920c268f38", "tree": "e4b2a8472f6047734b6e7e2bdc994375b2790323", "parents": [ "22d917d80e842829d0ca0a561967d728eb1d6303" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Nov 14 15:56:38 2011 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Thu May 03 03:27:21 2012 -0700" }, "message": "userns: Convert group_info values from gid_t to kgid_t.\n\nAs a first step to converting struct cred to be all kuid_t and kgid_t\nvalues convert the group values stored in group_info to always be\nkgid_t values. Unless user namespaces are used this change should\nhave no effect.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "95c961747284a6b83a5e2d81240e214b0fa3464d", "tree": "c7be86a00db3605a48a03109fafcbe31039ca2e0", "parents": [ "5e73ea1a31c3612aa6dfe44f864ca5b7b6a4cff9" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sun Apr 15 05:58:06 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Apr 15 12:44:40 2012 -0400" }, "message": "net: cleanup unsigned to unsigned int\n\nUse of \"unsigned int\" is preferred to bare \"unsigned\" in net tree.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5e73ea1a31c3612aa6dfe44f864ca5b7b6a4cff9", "tree": "ab5eebe93e10e7e69042b15603a5b3844c049f6b", "parents": [ "586d17c5a01bf1ae4e215adc6c48457eee5482bc" ], "author": { "name": "Daniel Baluta", "email": "dbaluta@ixiacom.com", "time": "Sun Apr 15 01:34:41 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Apr 15 12:37:19 2012 -0400" }, "message": "ipv4: fix checkpatch errors\n\nFix checkpatch errors of the following type:\n\t* ERROR: \"foo * bar\" should be \"foo *bar\"\n\t* ERROR: \"(foo*)\" should be \"(foo *)\"\n\nSigned-off-by: Daniel Baluta \u003cdbaluta@ixiacom.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9ffc93f203c18a70623f21950f1dd473c9ec48cd", "tree": "1eb3536ae183b0bfbf7f5152a6fe4f430ae881c2", "parents": [ "96f951edb1f1bdbbc99b0cd458f9808bb83d58ae" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Mar 28 18:30:03 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Mar 28 18:30:03 2012 +0100" }, "message": "Remove all #inclusions of asm/system.h\n\nRemove all #inclusions of asm/system.h preparatory to splitting and killing\nit. Performed with the following command:\n\nperl -p -i -e \u0027s!^#\\s*include\\s*\u003casm/system[.]h\u003e.*\\n!!\u0027 `grep -Irl \u0027^#\\s*include\\s*\u003casm/system[.]h\u003e\u0027 *`\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "058bd4d2a4ff0aaa4a5381c67e776729d840c785", "tree": "4d1ea864a8740676c7e7c5a03cdaa67fc5f29418", "parents": [ "43db362d3adda9e0a915ddb9a8d1a41186e19179" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Sun Mar 11 18:36:11 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Mar 11 23:42:51 2012 -0700" }, "message": "net: Convert printks to pr_\u003clevel\u003e\n\nUse a more current kernel messaging style.\n\nConvert a printk block to print_hex_dump.\nCoalesce formats, align arguments.\nUse %s, __func__ instead of embedding function names.\n\nSome messages that were prefixed with \u003cfoo\u003e_close are\nnow prefixed with \u003cfoo\u003e_fini. Some ah4 and esp messages\nare now not prefixed with \"ip \".\n\nThe intent of this patch is to later add something like\n #define pr_fmt(fmt) \"IPv4: \" fmt.\nto standardize the output messages.\n\nText size is trivially reduced. (x86-32 allyesconfig)\n\n$ size net/ipv4/built-in.o*\n text\t data\t bss\t dec\t hex\tfilename\n 887888\t 31558\t 249696\t1169142\t 11d6f6\tnet/ipv4/built-in.o.new\n 887934\t 31558\t 249800\t1169292\t 11d78c\tnet/ipv4/built-in.o.old\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ff4783ce78c08d2990126ce1874250ae8e72bbd2", "tree": "5c95885a4ab768101dd72942b57c238d452a7565", "parents": [ "622121719934f60378279eb440d3cec2fc3176d2", "203738e548cefc3fc3c2f73a9063176c9f3583d5" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Feb 26 21:55:51 2012 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Feb 26 21:55:51 2012 -0500" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net\n\nConflicts:\n\tdrivers/net/ethernet/sfc/rx.c\n\nOverlapping changes in drivers/net/ethernet/sfc/rx.c, one to change\nthe rx_buf-\u003eis_page boolean into a set of u16 flags, and another to\nadjust how -\u003eip_summed is initialized.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a5e7424d424f6398a198ead79d99e0a3c2f24ce8", "tree": "2fc4ba0c2664cefb38f47c372260ee379d0e2f79", "parents": [ "115c9b81928360d769a76c632bae62d15206a94a" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 21 17:59:19 2012 -0500" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Feb 21 17:59:19 2012 -0500" }, "message": "ipv4: ping: Fix recvmsg MSG_OOB error handling.\n\nDon\u0027t return an uninitialized variable as the error, return\n-EOPNOTSUPP instead.\n\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "76e21053b5bf33a07c76f99d27a74238310e3c71", "tree": "70ac2a67be8f19da96896950447567e156975149", "parents": [ "43480aecb1f538d4f6dd8b2c5d2b71fb98659072" ], "author": { "name": "Erich E. Hoover", "email": "ehoover@mines.edu", "time": "Wed Feb 08 09:11:07 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Feb 08 15:52:45 2012 -0500" }, "message": "ipv4: Implement IP_UNICAST_IF socket option.\n\nThe IP_UNICAST_IF feature is needed by the Wine project. This patch\nimplements the feature by setting the outgoing interface in a similar\nfashion to that of IP_MULTICAST_IF. A separate option is needed to\nhandle this feature since the existing options do not provide all of\nthe characteristics required by IP_UNICAST_IF, a summary is provided\nbelow.\n\nSO_BINDTODEVICE:\n* SO_BINDTODEVICE requires administrative privileges, IP_UNICAST_IF\ndoes not. From reading some old mailing list articles my\nunderstanding is that SO_BINDTODEVICE requires administrative\nprivileges because it can override the administrator\u0027s routing\nsettings.\n* The SO_BINDTODEVICE option restricts both outbound and inbound\ntraffic, IP_UNICAST_IF only impacts outbound traffic.\n\nIP_PKTINFO:\n* Since IP_PKTINFO and IP_UNICAST_IF are independent options,\nimplementing IP_UNICAST_IF with IP_PKTINFO will likely break some\napplications.\n* Implementing IP_UNICAST_IF on top of IP_PKTINFO significantly\ncomplicates the Wine codebase and reduces the socket performance\n(doing this requires a lot of extra communication between the\n\"server\" and \"user\" layers).\n\nbind():\n* bind() does not work on broadcast packets, IP_UNICAST_IF is\nspecifically intended to work with broadcast packets.\n* Like SO_BINDTODEVICE, bind() restricts both outbound and inbound\ntraffic.\n\nSigned-off-by: Erich E. Hoover \u003cehoover@mines.edu\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "747465ef7a082033e086dedc8189febfda43b015", "tree": "efbdc7a1f25f7bced035077769b4005ea1419abc", "parents": [ "2b2d465631db59c144f537a9bef47a883c55d670" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Mon Jan 16 19:27:39 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jan 17 10:31:12 2012 -0500" }, "message": "net: fix some sparse errors\n\nmake C\u003d2 CF\u003d\"-D__CHECK_ENDIAN__\" M\u003dnet\n\nAnd fix flowi4_init_output() prototype for sport\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fb120c0a2775b0d2d095a99ea8432bfb5d444ab2", "tree": "3bbac5493bcb97f2103a405d0f8cb551595d886a", "parents": [ "282edcece39e08d02c22492d593e4b9b94a65dff" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Thu Nov 17 04:40:20 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 18 14:38:59 2011 -0500" }, "message": "ping: dont increment ICMP_MIB_INERRORS\n\nping module incorrectly increments ICMP_MIB_INERRORS if feeded with a\nframe not belonging to its own sockets.\n\nRFC 2011 states that ICMP_MIB_INERRORS should count \"the number of ICMP\nmessages which the entiry received but determined as having\nICMP-specific errors (bad ICMP checksums, bad length, etc.).\"\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCC: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nAcked-by: Flavio Leitner \u003cfbl@redhat.com\u003e\nAcked-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bc3b2d7fb9b014d75ebb79ba371a763dbab5e8cf", "tree": "b0fd4e724bdb1c0a1783616614ae5a9dec1cfa5c", "parents": [ "d9b9384215e17c68d7b6bd05d6fa409e5d4140d7" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Fri Jul 15 11:47:34 2011 -0400" }, "committer": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon Oct 31 19:30:30 2011 -0400" }, "message": "net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules\n\nThese files are non modular, but need to export symbols using\nthe macros now living in export.h -- call out the include so\nthat things won\u0027t break when we remove the implicit presence\nof module.h from everywhere.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\n" }, { "commit": "8ad2475e3555346fbd738e77da12578b97d10505", "tree": "da23912aab5aa9433b7f3932bdb10e0158fda37e", "parents": [ "c82b9d7fe7464aec78210544948564ffe3bb2d2b" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Sun Jun 19 22:31:20 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jun 20 13:04:38 2011 -0700" }, "message": "ipv4, ping: Remove duplicate icmp.h include\n\nRemove the duplicate inclusion of net/icmp.h from net/ipv4/ping.c\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "19a76fa9593bad778dabeeec1f6c2df6effe9ca3", "tree": "b22ca6963dd1baa18997eb138cfcfc50df4a8bf9", "parents": [ "4867faab1e3eb8cc3f74e390357615d9b8e8cda6" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sun May 22 22:23:00 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon May 23 16:29:24 2011 -0400" }, "message": "net: ping: cleanups ping_v4_unhash()\n\nnet/ipv4/ping.c: In function ‘ping_v4_unhash’:\nnet/ipv4/ping.c:140:28: warning: variable ‘hslot’ set but not used\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCC: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nAcked-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "75e308c894c4a5e47c005b8e821ae5f539ad2ef3", "tree": "2bd8e3e35f42854fc49a34282c7c83b280c63840", "parents": [ "bb0cd2fb539c4e454ed32e32194acc03b75753f3" ], "author": { "name": "Changli Gao", "email": "xiaosuo@gmail.com", "time": "Wed May 18 21:16:01 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu May 19 16:17:51 2011 -0400" }, "message": "net: ping: fix the coding style\n\nThe characters in a line should be no more than 80.\n\nSigned-off-by: Changli Gao \u003cxiaosuo@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "bb0cd2fb539c4e454ed32e32194acc03b75753f3", "tree": "e47d019230025967f8f25bfabdfe6f51dce595c6", "parents": [ "6b60d7b9df727726dfb7e59ca0a7caf14e81e0a2" ], "author": { "name": "Changli Gao", "email": "xiaosuo@gmail.com", "time": "Wed May 18 21:16:00 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu May 19 16:17:51 2011 -0400" }, "message": "net: ping: make local functions static\n\nAs these functions are only used in this file.\n\nSigned-off-by: Changli Gao \u003cxiaosuo@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f56e03e8dc149bf0ac2888d6843584f48c8700fc", "tree": "071864cd821423ff1caf06d824823b533cbcab77", "parents": [ "6dcae1eaee2b437536b2fe928a609f9589691ebf" ], "author": { "name": "Vasiliy Kulikov", "email": "segoon@openwall.com", "time": "Tue May 17 00:16:56 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue May 17 14:16:58 2011 -0400" }, "message": "net: ping: fix build failure\n\nIf CONFIG_PROC_SYSCTL\u003dn the building process fails:\n\n ping.c:(.text+0x52af3): undefined reference to `inet_get_ping_group_range_net\u0027\n\nMoved inet_get_ping_group_range_net() to ping.c.\n\nReported-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1a8218e96271790a07dd7065a2ef173e0f67e328", "tree": "3bf2696f434e21c92809b4812fa34b57061ce783", "parents": [ "534ea99b063de7c30262a8e22f0ab44dd7d11a71" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sun May 15 21:26:31 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon May 16 11:49:39 2011 -0400" }, "message": "net: ping: dont call udp_ioctl()\n\nudp_ioctl() really handles UDP and UDPLite protocols.\n\n1) It can increment UDP_MIB_INERRORS in case first_packet_length() finds\na frame with bad checksum.\n\n2) It has a dependency on sizeof(struct udphdr), not applicable to\nICMP/PING\n\nIf ping sockets need to handle SIOCINQ/SIOCOUTQ ioctl, this should be\ndone differently.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCC: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nAcked-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1b1cb1f78a5e9d54c13e176020c3e8ded5d081ce", "tree": "bc29b3c20433a678af2868aa5a49a56b8b9468dc", "parents": [ "89c64d755fbf04d7541d526931dc4b38301946d1" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Fri May 13 22:59:19 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun May 15 01:22:21 2011 -0400" }, "message": "net: ping: small changes\n\nping_table is not __read_mostly, since it contains one rwlock,\nand is static to ping.c\n\nping_port_rover \u0026 ping_v4_lookup are static\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c319b4d76b9e583a5d88d6bf190e079c4e43213d", "tree": "22fcc6f1c671908d640145c1f82e5290cd40f715", "parents": [ "f20190302e3e697a166cc28ebef43058749dedda" ], "author": { "name": "Vasiliy Kulikov", "email": "segoon@openwall.com", "time": "Fri May 13 10:01:00 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri May 13 16:08:13 2011 -0400" }, "message": "net: ipv4: add IPPROTO_ICMP socket kind\n\nThis patch adds IPPROTO_ICMP socket kind. It makes it possible to send\nICMP_ECHO messages and receive the corresponding ICMP_ECHOREPLY messages\nwithout any special privileges. In other words, the patch makes it\npossible to implement setuid-less and CAP_NET_RAW-less /bin/ping. In\norder not to increase the kernel\u0027s attack surface, the new functionality\nis disabled by default, but is enabled at bootup by supporting Linux\ndistributions, optionally with restriction to a group or a group range\n(see below).\n\nSimilar functionality is implemented in Mac OS X:\nhttp://www.manpagez.com/man/4/icmp/\n\nA new ping socket is created with\n\n socket(PF_INET, SOCK_DGRAM, PROT_ICMP)\n\nMessage identifiers (octets 4-5 of ICMP header) are interpreted as local\nports. Addresses are stored in struct sockaddr_in. No port numbers are\nreserved for privileged processes, port 0 is reserved for API (\"let the\nkernel pick a free number\"). There is no notion of remote ports, remote\nport numbers provided by the user (e.g. in connect()) are ignored.\n\nData sent and received include ICMP headers. This is deliberate to:\n1) Avoid the need to transport headers values like sequence numbers by\nother means.\n2) Make it easier to port existing programs using raw sockets.\n\nICMP headers given to send() are checked and sanitized. The type must be\nICMP_ECHO and the code must be zero (future extensions might relax this,\nsee below). The id is set to the number (local port) of the socket, the\nchecksum is always recomputed.\n\nICMP reply packets received from the network are demultiplexed according\nto their id\u0027s, and are returned by recv() without any modifications.\nIP header information and ICMP errors of those packets may be obtained\nvia ancillary data (IP_RECVTTL, IP_RETOPTS, and IP_RECVERR). ICMP source\nquenches and redirects are reported as fake errors via the error queue\n(IP_RECVERR); the next hop address for redirects is saved to ee_info (in\nnetwork order).\n\nsocket(2) is restricted to the group range specified in\n\"/proc/sys/net/ipv4/ping_group_range\". It is \"1 0\" by default, meaning\nthat nobody (not even root) may create ping sockets. Setting it to \"100\n100\" would grant permissions to the single group (to either make\n/sbin/ping g+s and owned by this group or to grant permissions to the\n\"netadmins\" group), \"0 4294967295\" would enable it for the world, \"100\n4294967295\" would enable it for the users, but not daemons.\n\nThe existing code might be (in the unlikely case anyone needs it)\nextended rather easily to handle other similar pairs of ICMP messages\n(Timestamp/Reply, Information Request/Reply, Address Mask Request/Reply\netc.).\n\nUserspace ping util \u0026 patch for it:\nhttp://openwall.info/wiki/people/segoon/ping\n\nFor Openwall GNU/*/Linux it was the last step on the road to the\nsetuid-less distro. A revision of this patch (for RHEL5/OpenVZ kernels)\nis in use in Owl-current, such as in the 2011/03/12 LiveCD ISOs:\nhttp://mirrors.kernel.org/openwall/Owl/current/iso/\n\nInitially this functionality was written by Pavel Kankovsky for\nLinux 2.4.32, but unfortunately it was never made public.\n\nAll ping options (-b, -p, -Q, -R, -s, -t, -T, -M, -I), are tested with\nthe patch.\n\nPATCH v3:\n - switched to flowi4.\n - minor changes to be consistent with raw sockets code.\n\nPATCH v2:\n - changed ping_debug() to pr_debug().\n - removed CONFIG_IP_PING.\n - removed ping_seq_fops.owner field (unused for procfs).\n - switched to proc_net_fops_create().\n - switched to %pK in seq_printf().\n\nPATCH v1:\n - fixed checksumming bug.\n - CAP_NET_RAW may not create icmp sockets anymore.\n\nRFC v2:\n - minor cleanups.\n - introduced sysctl\u0027able group range to restrict socket(2).\n\nSigned-off-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" } ] }