lists.openwall.net - Open Source and information security mailing list archives
Date:	Mon, 02 Jun 2014 16:34:51 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	luto@...capital.net
Cc:	ebiederm@...ssion.com, security@...nel.org, netdev@...r.kernel.org,
	torvalds@...ux-foundation.org, jorge@...2.net, jbenc@...hat.com,
	vgoyal@...hat.com, ssorce@...hat.com, serge@...lyn.com
Subject: Re: [PATCH urgent] netlink: Only check file credentials for
 implicit destinations

From: Andy Lutomirski <luto@...capital.net>
Date: Fri, 30 May 2014 11:04:00 -0700

> From: "Eric W. Biederman" <ebiederm@...ssion.com>
> 
> It was possible to get a setuid root or setcap executable to write to
> its stdout or stderr (which has been made a netlink socket) and
> inadvertently reconfigure the networking stack.
> 
> To prevent this we check that both the creator of the socket and
> the current application has permission to reconfigure the network
> stack.
> 
> Unfortunately this breaks Zebra which always uses sendto/sendmsg
> and creates its socket without any privileges.
> 
> To keep Zebra working don't bother checking if the creator of the
> socket has privilege when a destination address is specified.  Instead
> rely exclusively on the privileges of the sender of the socket.
> 
> Note from Andy: This is exactly Eric's code except for some comment
> clarifications and formatting fixes.  Neither I nor, I think, anyone
> else is thrilled with this approach, but I'm hesitant to wait on a
> better fix since 3.15 is almost here.
> 
> Note to stable maintainers: This is a mess.  An earlier series of
> patches in 3.15 fix a rather serious security issue (CVE-2014-0181),
> but they did so in a way that breaks Zebra.  The offending series
> includes:
> 
>     commit aa4cf9452f469f16cea8c96283b641b4576d4a7b
>     Author: Eric W. Biederman <ebiederm@...ssion.com>
>     Date:   Wed Apr 23 14:28:03 2014 -0700
> 
>         net: Add variants of capable for use on netlink messages
> 
> If a given kernel version is missing that series of fixes, it's
> probably worth backporting it and this patch.  If that series is
> present, then this fix is critical if you care about Zebra.
> 
> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
> Signed-off-by: Andy Lutomirski <luto@...capital.net>

Applied, thanks Andy.
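The commit message above describes the attack surface from the kernel side: a privileged (setuid or setcap) program inherits a netlink socket as its stdout or stderr and, by merely writing to it, sends a netlink message with its own elevated credentials. The kernel-side fix is what the patch does; the complementary user-space hardening is for the privileged program to refuse to treat an inherited netlink socket as a standard stream. The following is an added example for illustration, not code from the patch, the kernel, or Zebra; the function names `fd_is_netlink`, `sanitize_std_fds` and the `check_*` self-checks are hypothetical. It uses only `getsockname(2)` (portable) and, on Linux, an unprivileged `NETLINK_ROUTE` socket to verify the detection works.

```c
/* Added illustration (not from the kernel patch under discussion): a
 * user-space hardening check for setuid/setcap programs. Before writing
 * anything, verify that fds 0-2 are not netlink sockets and, if one is,
 * replace it with /dev/null so a later write cannot reach the kernel's
 * netlink layer with the program's privileges. Names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#endif

/* Returns 1 if fd is an AF_NETLINK socket, 0 if it is a non-netlink
 * socket or not a socket at all, -1 on an unexpected error. */
int fd_is_netlink(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);

    memset(&ss, 0, sizeof(ss));
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return errno == ENOTSOCK ? 0 : -1;  /* file, pipe, tty: fine */
#ifdef AF_NETLINK
    return ss.ss_family == AF_NETLINK;
#else
    return 0;
#endif
}

/* Replace any netlink socket among fds 0-2 with /dev/null. Returns the
 * number of fds replaced, or -1 if /dev/null could not be installed. */
int sanitize_std_fds(void)
{
    int replaced = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_netlink(fd) != 1)
            continue;
        int nul = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nul < 0)
            return -1;
        if (dup2(nul, fd) < 0) {
            close(nul);
            return -1;
        }
        close(nul);
        replaced++;
    }
    return replaced;
}

/* Self-check: an AF_UNIX socketpair must not be reported as netlink. */
int check_unix_socket_not_netlink(void)
{
    int sp[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
        return -1;
    int r = fd_is_netlink(sp[0]);
    close(sp[0]);
    close(sp[1]);
    return r;
}

/* Self-check: a plain file descriptor must not be reported as netlink. */
int check_devnull_not_netlink(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return -1;
    int r = fd_is_netlink(fd);
    close(fd);
    return r;
}

/* Self-check: creating a NETLINK_ROUTE socket needs no privilege on
 * Linux and must be detected. Returns 1 if detected, 2 if the socket
 * could not be created (non-Linux or sandboxed), 0 if missed. */
int check_netlink_socket_detected(void)
{
#ifdef __linux__
    int s = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (s < 0)
        return 2;
    int r = fd_is_netlink(s);
    close(s);
    return r;
#else
    return 2;
#endif
}

int main(void)
{
    /* A privileged program would call this before its first write. */
    int n = sanitize_std_fds();
    return (n < 0 || check_unix_socket_not_netlink() != 0 ||
            check_devnull_not_netlink() != 0 ||
            check_netlink_socket_detected() == 0) ? 1 : 0;
}
```

The check deliberately treats "not a socket" (`ENOTSOCK`) as safe and only singles out `AF_NETLINK`; other socket families inherited as stdio are a separate concern. This is the same defence-in-depth idea behind the kernel patch: the kernel now refuses to honour the privileged writer's credentials for implicit-destination sends, and a careful privileged binary can additionally refuse to perform such a write at all.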