Open Source and information security mailing list archives
Message-ID: <498700CD.2030403@msgid.tls.msk.ru>
Date:	Mon, 02 Feb 2009 17:18:53 +0300
From:	Michael Tokarev <mjt@....msk.ru>
To:	netdev <netdev@...r.kernel.org>, Guido Guenther <agx@...xcpu.org>
Subject: re: Allow group ownership of TUN/TAP devices.

Hi.  Just noticed an old commit 8c644623fe7e41f59fe97cdf666cba3cb7ced7d8
dated Mon Jul 2 22:50:25 2007 -0700 that allows group ownership for
tun/tap devices.  Here's the comment:

    [NET]: Allow group ownership of TUN/TAP devices.

    Introduce a new syscall TUNSETGROUP for group ownership setting of tap
    devices. The user now is allowed to send packages if either his euid or
    his egid matches the one specified via tunctl (via -u or -g
    respectively). If both, gid and uid, are set via tunctl, both have to
    match.

Two questions:

1: why do both have to match?  Is it really useful?
 (I understand it's a corner case, somehow)

2, and this is the main one: How about supplementary groups?

Here I have a valid usage case: a group of testers running various
versions of windows using KVM (kernel virtual machine), 1 at a time,
to test some software.  kvm is set up to use bridge with a tap device
(there should be a way to connect to the machine).  Anyone on that group
has to be able to start/stop the virtual machines.

My first attempt - pretty obvious when I saw -g option of tunctl - is
to add group ownership for the tun device and add a supplementary group
to each user (their primary group should be different).  But that fails,
since the kernel only checks the egid, not any other group ids.

What's the reasoning to not allow supplementary groups and to only check
for egid?

Thanks!

/mjt
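An added C model of the two policies discussed in this message (it is not code from the message or from the kernel's tun driver): the quoted commit's check, which compares only euid and egid, beside the supplementary-group variant the message asks for. It assumes, as tunctl's -u/-g usage suggests, that (uid_t)-1 and (gid_t)-1 denote "owner/group not set".

```c
#include <stdbool.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: (uid_t)-1 and (gid_t)-1 mean "not set", as tunctl leaves them. */
#define NO_OWNER ((uid_t)-1)
#define NO_GROUP ((gid_t)-1)
struct creds {
    uid_t euid; gid_t egid;
    const gid_t *sgroups;   /* supplementary groups */
    size_t nsgroups;
};

/* Policy as the quoted commit describes it: euid must match the owner if set,
 * egid must match the group if set, both when both are set.  Supplementary
 * groups are never consulted, which is what blocks the testers' setup. */
bool tun_allowed_egid_only(uid_t owner, gid_t group, const struct creds *c)
{
    if (owner != NO_OWNER && c->euid != owner)
        return false;
    return group == NO_GROUP || c->egid == group;
}

/* True if group is the egid or any supplementary group. */
static bool in_egroup(gid_t group, const struct creds *c)
{
    for (size_t i = 0; i < c->nsgroups; i++)
        if (c->sgroups[i] == group)
            return true;
    return c->egid == group;
}

/* Variant the message asks for: membership via supplementary groups counts
 * too; the owner rule is unchanged. */
bool tun_allowed_with_sgroups(uid_t owner, gid_t group, const struct creds *c)
{
    if (owner != NO_OWNER && c->euid != owner)
        return false;
    return group == NO_GROUP || in_egroup(group, c);
}

/* Fill c with the calling process's real credentials, groups via getgroups(2). */
bool creds_of_self(struct creds *c, gid_t *buf, size_t n)
{
    int got = getgroups((int)n, buf);
    if (got < 0)
        return false;
    *c = (struct creds){ geteuid(), getegid(), buf, (size_t)got };
    return true;
}
```

With a tester whose primary gid differs from the tap device's group and who holds that group only as a supplementary group, the first policy refuses and the second permits, which is exactly the failure the message reports.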