Date: Wed, 3 Jan 2024 10:45:35 +0800 (GMT+08:00)
From: 孟敬姿 <mengjingzi@....ac.cn>
To: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, 
	pabeni@...hat.com, brauner@...nel.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, 
	bpf@...r.kernel.org
Subject: capability checks in sk_setsockopt() and __sock_cmsg_send()
 inconsistent with the documentation

Hi! 

We've identified redundant capability checks within the sk_setsockopt() and __sock_cmsg_send() functions, specifically related to the options SO_MARK and SO_PRIORITY.

Currently, both CAP_NET_ADMIN and CAP_NET_RAW are used for these checks, and we propose simplifying this by exclusively using CAP_NET_ADMIN. Our rationale is based on the definitions provided in the capability manual page (https://www.man7.org/linux/man-pages/man7/capabilities.7.html), which specifies that only CAP_NET_ADMIN is required for using setsockopt(2) to set SO_PRIORITY, SO_DEBUG, and SO_MARK. Additionally, we've observed that SO_DEBUG is already protected solely by CAP_NET_ADMIN.

Simplifying the capability checks in these functions to only use CAP_NET_ADMIN would not only align with the capability manual page but also contribute to a more straightforward and consistent codebase.

This issue exists in several kernel versions and we have checked it on the latest stable release (Linux 6.6.9).

Your insights and feedback on this proposed adjustment would be greatly appreciated. Thank you for your time and consideration.

Best regards,
Jingzi
