Parsing non-sendable cmsg in SendMsg syscall should fail

Question

Parsing non-sendable cmsg in SendMsg syscall should fail

arthurpi opened this issue 2 years ago · comments

Description

Some control messages can't be sent (only received). For example, IP_RECVERR or IP_RECVORIGDSTADDR.

In the syscall implementation of SendMsg in sentry, we call control.Parse on the raw cmsg bytes. This function should refuse non-sendable control messages.

Steps to reproduce

No response

runsc version

No response

docker version (if using docker)

No response

uname

No response

kubectl (if using Kubernetes)

No response

repo state (if built from source)

No response

runsc debug logs (if available)

No response

Sourik Ghosh · Answer 1 · Thu Mar 03 2022 18:54:06 GMT+0800 (China Standard Time)

Hey, @arthurpi can I pick this issue. And can you give me some hints on where to start looking for making this change?

github-actions · Answer 2 · Wed Sep 13 2023 08:19:33 GMT+0800 (China Standard Time)

A friendly reminder that this issue had no activity for 120 days.