lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 18 Jun 2015 23:00:11 -0400
From:	Andy Gospodarek <gospo@...ulusnetworks.com>
To:	Mahesh Bandewar <maheshb@...gle.com>
Cc:	Jay Vosburgh <j.vosburgh@...il.com>,
	Andy Gospodarek <andy@...yhouse.net>,
	Veaceslav Falico <vfalico@...il.com>,
	Nikolay Aleksandrov <nikolay@...hat.com>,
	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH next v3] bonding: Display LACP info only to CAP_NET_ADMIN
 capable user

On Thu, Jun 18, 2015 at 11:30:54AM -0700, Mahesh Bandewar wrote:
> Actor and Partner details can be accessed via proc-fs, sys-fs
> entries or netlink interface. These interfaces are world readable
> at this moment. The earlier patch-series made the LACP communication
> secure to avoid nuisance attack from within the same L2 domain but
> it did not prevent "someone unprivileged" looking at that information
> on host and perform the same act.
> 
> This patch essentially avoids spitting those entries if the user
> in question does not have enough privileges.
> 
> Signed-off-by: Mahesh Bandewar <maheshb@...gle.com>
> ---
>  drivers/net/bonding/bond_netlink.c |  23 +++++----
>  drivers/net/bonding/bond_procfs.c  | 101 +++++++++++++++++++------------------
>  drivers/net/bonding/bond_sysfs.c   |  12 ++---
>  3 files changed, 71 insertions(+), 65 deletions(-)
> 
[...]
> diff --git a/drivers/net/bonding/bond_procfs.c b/drivers/net/bonding/bond_procfs.c
> index e7f3047a26df..f514fe5e80a5 100644
> --- a/drivers/net/bonding/bond_procfs.c
> +++ b/drivers/net/bonding/bond_procfs.c
[...]
> @@ -199,33 +202,35 @@ static void bond_info_show_slave(struct seq_file *seq,
>  			seq_printf(seq, "Partner Churned Count: %d\n",
>  				   port->churn_partner_count);
>  
> -			seq_puts(seq, "details actor lacp pdu:\n");
> -			seq_printf(seq, "    system priority: %d\n",
> -				   port->actor_system_priority);
> -			seq_printf(seq, "    system mac address: %pM\n",
> -				   &port->actor_system);
> -			seq_printf(seq, "    port key: %d\n",
> -				   port->actor_oper_port_key);
> -			seq_printf(seq, "    port priority: %d\n",
> -				   port->actor_port_priority);
> -			seq_printf(seq, "    port number: %d\n",
> -				   port->actor_port_number);
> -			seq_printf(seq, "    port state: %d\n",
> -				   port->actor_oper_port_state);
> -
> -			seq_puts(seq, "details partner lacp pdu:\n");
> -			seq_printf(seq, "    system priority: %d\n",
> -				   port->partner_oper.system_priority);
> -			seq_printf(seq, "    system mac address: %pM\n",
> -				   &port->partner_oper.system);
> -			seq_printf(seq, "    oper key: %d\n",
> -				   port->partner_oper.key);
> -			seq_printf(seq, "    port priority: %d\n",
> -				   port->partner_oper.port_priority);
> -			seq_printf(seq, "    port number: %d\n",
> -				   port->partner_oper.port_number);
> -			seq_printf(seq, "    port state: %d\n",
> -				   port->partner_oper.port_state);
> +			if (capable(CAP_NET_ADMIN)) {
> +				seq_puts(seq, "details actor lacp pdu:\n");
> +				seq_printf(seq, "    system priority: %d\n",
> +					   port->actor_system_priority);
> +				seq_printf(seq, "    system mac address: %pM\n",
> +					   &port->actor_system);
> +				seq_printf(seq, "    port key: %d\n",
> +					   port->actor_oper_port_key);
> +				seq_printf(seq, "    port priority: %d\n",
> +					   port->actor_port_priority);
> +				seq_printf(seq, "    port number: %d\n",
> +					   port->actor_port_number);
> +				seq_printf(seq, "    port state: %d\n",
> +					   port->actor_oper_port_state);
> +
> +				seq_puts(seq, "details partner lacp pdu:\n");
> +				seq_printf(seq, "    system priority: %d\n",
> +					   port->partner_oper.system_priority);
> +				seq_printf(seq, "    system mac address: %pM\n",
> +					   &port->partner_oper.system);
> +				seq_printf(seq, "    oper key: %d\n",
> +					   port->partner_oper.key);
> +				seq_printf(seq, "    port priority: %d\n",
> +					   port->partner_oper.port_priority);
> +				seq_printf(seq, "    port number: %d\n",
> +					   port->partner_oper.port_number);
> +				seq_printf(seq, "    port state: %d\n",
> +					   port->partner_oper.port_state);
> +			}
>  		} else {
>  			seq_puts(seq, "Aggregator ID: N/A\n");
>  		}

With this patch, actor_oper_port_state and partner_oper.port_state are
not displayed in /proc, but that information is available via netlink
from bond_fill_slave_info().

I suspect you do not deem these two values as critical to the security
of the system, but wanted to confirm before ACKing.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ