diff options
| author | David S. Miller <davem@davemloft.net> | 2014-04-24 19:45:04 +0200 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-04-24 19:45:04 +0200 |
| commit | 29e8f59cf1ff91f2854563faddc5f61098cf4958 (patch) | |
| tree | 85d43e6c5d8b10fb79fcb9c402217f8eb54bbe12 /net/can | |
| parent | gianfar: Check if phydev present on ethtool -A (diff) | |
| parent | net: Use netlink_ns_capable to verify the permisions of netlink messages (diff) | |
| download | linux-29e8f59cf1ff91f2854563faddc5f61098cf4958.tar.xz linux-29e8f59cf1ff91f2854563faddc5f61098cf4958.zip | |
Merge branch 'netlink-caps'
Eric W. Biederman says:
====================
netlink: Preventing abuse when passing file descriptors.
Andy Lutomirski when looking at the networking stack noticed that it is
possible to trick privilged processes into calling write on a netlink
socket and send netlink messages they did not intend.
In particular from time to time there are suid applications that will
write to stdout or stderr without checking exactly what kind of file
descriptors those are and can be tricked into acting as a limited form
of suid cat. In other conversations the magic string CVE-2014-0181 has
been used to talk about this issue.
This patchset cleans things up a bit, adds some clean abstractions that
when used prevent this kind of problem and then finally changes all of
the handlers of netlink messages that I could find that call capable to
use netlink_ns_capable or an appropriate wrapper.
The abstraction netlink_ns_capable verifies that the original creator of
the netlink socket a message is sent from had the necessary capabilities
as well as verifying that the current sender of a netlink packet has the
necessary capabilities.
The idea is to prevent file descriptor passing of any form from
resulting in a file descriptor that can do more than it can for the
creator of the file descriptor.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/can')
| -rw-r--r-- | net/can/gw.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/can/gw.c b/net/can/gw.c index ac31891967da..050a2110d43f 100644 --- a/net/can/gw.c +++ b/net/can/gw.c @@ -804,7 +804,7 @@ static int cgw_create_job(struct sk_buff *skb, struct nlmsghdr *nlh) u8 limhops = 0; int err = 0; - if (!capable(CAP_NET_ADMIN)) + if (!netlink_capable(skb, CAP_NET_ADMIN)) return -EPERM; if (nlmsg_len(nlh) < sizeof(*r)) @@ -893,7 +893,7 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh) u8 limhops = 0; int err = 0; - if (!capable(CAP_NET_ADMIN)) + if (!netlink_capable(skb, CAP_NET_ADMIN)) return -EPERM; if (nlmsg_len(nlh) < sizeof(*r)) |