[PATCH 1/2] rtnetlink: gate MAC address with an LSM hook
David Miller
davem at davemloft.net
Fri Aug 23 21:41:45 UTC 2019
From: Jeffrey Vander Stoep <jeffv at google.com>
Date: Fri, 23 Aug 2019 13:41:38 +0200
> I could make this really generic by adding a single hook to the end of
> sock_msgrecv() which would allow an LSM to modify the message to omit
> the MAC address and any other information that we deem as sensitive in the
> future. Basically what Casey was suggesting. Thoughts on that approach?
Editing the SKB in place is generally frowned upon, and it could be cloned
and in used by other code paths even, so would need to be copied or COW'd.
More information about the Linux-security-module-archive
mailing list