| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Mar 2013 15:36:43 +0100 From: Holger Eitzenberger <holger@...zenberger.org> To: netfilter-devel <netfilter-devel@...r.kernel.org> Cc: netdev@...r.kernel.org, "Eric W. Biederman" <ebiederm@...ssion.com> Subject: [BUG NFQUEUE] NFQUEUE readers get -PERM from sys_sendto() if !root Hi, after updating to kernel v3.8.4 I see that Netfilter NFQUEUE readers get -EPERM from sys_sendto() at the time they try to inject the verdict back to the kernel. This only occurs iff not running as 'root'. The last working kernel is v3.7.7. Skimming through the changeset since v3.7.7 the following changes pop up: userns: Require CAP_SYS_ADMIN for most uses of setns. userns: Allow unprivileged use of setns. So it could be related to my current namespace config, which is CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_IPC_NS is not set # CONFIG_USER_NS is not set # CONFIG_PID_NS is not set # CONFIG_NET_NS is not set I rate this a major issue, as quite some of those programs drop privileges for various reasons. Is this a known issue? Well, I skimmed through the list, but didn't find anything. /Holger -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists