lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 3 Mar 2011 23:37:46 +0100
From:	Lars Ellenberg <lars.ellenberg@...bit.com>
To:	Chris Wright <chrisw@...s-sol.org>
Cc:	David Miller <davem@...emloft.net>, linux-fbdev@...r.kernel.org,
	netdev@...r.kernel.org, linux-security-module@...r.kernel.org,
	dm-devel@...hat.com, Evgeniy Polyakov <zbr@...emap.net>,
	kaber@...sh.net, drbd-dev@...ts.linbit.com
Subject: Re: [Drbd-dev] [PATCH 2/2 v2] netlink: kill eff_cap from struct
 netlink_skb_parms

On Thu, Mar 03, 2011 at 12:15:22PM -0800, Chris Wright wrote:
> * David Miller (davem@...emloft.net) wrote:
> > From: Chris Wright <chrisw@...s-sol.org>
> > Date: Thu, 3 Mar 2011 09:32:30 -0800
> > 
> > > * Patrick McHardy (kaber@...sh.net) wrote:
> > > 
> > >> commit 8ff259625f0ab295fa085b0718eed13093813fbc
> > >> Author: Patrick McHardy <kaber@...sh.net>
> > >> Date:   Thu Mar 3 10:17:31 2011 +0100
> > >> 
> > >>     netlink: kill eff_cap from struct netlink_skb_parms
> > >>     
> > >>     Netlink message processing in the kernel is synchronous these days,
> > >>     capabilities can be checked directly in security_netlink_recv() from
> > >>     the current process.
> > >>     
> > >>     Signed-off-by: Patrick McHardy <kaber@...sh.net>
> > > 
> > > Thanks for doing that Patrick.  I looked at this earlier and thought
> > > there was still an async path, but I guess that's just to another
> > > userspace process.
> > > 
> > > BTW, I think you missed a couple connector based callers:
> > > 
> > > drivers/staging/pohmelfs/config.c:      if (!cap_raised(nsp->eff_cap, CAP_SYS_AD
> > > drivers/video/uvesafb.c:        if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))


Last time I checked, current() for connector based netlink message
consumers was the work queue that is used for connector.

So unless that changed, or my understanding is wrong, current_cap()
inside cn_queue_wrapper(), respectively the d->callback()
will not be the userland sender process' capabilities, but the work
queue capabilities.

If so, then this change introduces the possibility for normal users to
send privileged commands to connector based subsystems, even if they
may not be able to bind() to suitable sockets to receive any replies.

Am I missing something?

	Lars
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ