A privilege escalation flaw in udev
Posted Apr 23, 2009 11:10 UTC (Thu) by kaber (guest, #18366)
Parent article: A privilege escalation flaw in udev
- netlink supports 2^32-1 groups in recent kernel versions
- the proper way to check that a message is from the kernel is to check for a PID of zero. It's also worth noting that netlink PIDs are just numerical identifiers with a badly chosen name; they have no direct relationship to process PIDs.
- regarding other netlink users: the exact same bug was present in iproute and IIRC the *swan keying daemons a couple of years ago. I'd expect it to be present in more software using netlink.
Netlink for userspace to userspace communication seems like a pretty useless feature; unfortunately, we can't remove it or require receiving processes to optionally enable it for compatibility reasons.
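
The sender check described in the comment above, sketched as a receive path that drops any netlink datagram whose source address does not carry a netlink PID of zero. This is an added example, not part of the original comment and not udev's or iproute's code; the helper names `nl_sender_is_kernel` and `nl_recv_from_kernel` are hypothetical, and the address length/family checks and the drop of truncated messages are assumptions added here.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <linux/netlink.h>

/* Returns 1 only if the source address is a full netlink address with
 * nl_pid == 0, i.e. the kernel. Length/family checks are added assumptions. */
int nl_sender_is_kernel(const struct msghdr *msg)
{
    const struct sockaddr_nl *src = msg->msg_name;
    if (src == NULL || msg->msg_namelen != sizeof(*src))
        return 0;
    if (src->nl_family != AF_NETLINK)
        return 0;
    return src->nl_pid == 0;   /* netlink PID, not a process PID */
}

/* Receive one datagram on netlink socket fd. Returns its length, 0 if it was
 * dropped (truncated or not sent by the kernel), -1 if recvmsg() failed. */
ssize_t nl_recv_from_kernel(int fd, void *buf, size_t len)
{
    struct sockaddr_nl src;
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg;
    ssize_t n;
    memset(&src, 0, sizeof(src));
    memset(&msg, 0, sizeof(msg));
    msg.msg_name = &src;            /* the kernel fills in the sender address */
    msg.msg_namelen = sizeof(src);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    if ((msg.msg_flags & MSG_TRUNC) || !nl_sender_is_kernel(&msg))
        return 0;
    return n;
}

int main(void)
{
    /* Constructed sender address: a userspace socket with netlink PID 4321. */
    struct sockaddr_nl peer = { .nl_family = AF_NETLINK, .nl_pid = 4321 };
    struct msghdr msg = { .msg_name = &peer, .msg_namelen = sizeof(peer) };
    printf("accepted: %d\n", nl_sender_is_kernel(&msg));
    return 0;
}
```

The point of passing `msg_name` to `recvmsg()` is that the source address is filled in by the kernel rather than taken from the message payload, so the PID comparison does not rely on anything the sender wrote into the datagram.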