| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Apr 2009 03:24:05 -0700 (PDT) From: David Miller <davem@...emloft.net> To: dwmw2@...radead.org Cc: netdev@...r.kernel.org Subject: Re: tun: add IFF_TUN_EXCL flag to avoid opening a persistent device. From: David Woodhouse <dwmw2@...radead.org> Date: Thu, 23 Apr 2009 18:04:18 +0100 > When creating a certain types of VPN, NetworkManager will first attempt > to find an available tun device by iterating through 'vpn%d' until it > finds one that isn't already busy. Then it'll set that to be persistent > and owned by the otherwise unprivileged user that the VPN dæmon itself > runs as. > > There's a race condition here -- during the period where the vpn%d > device is created and we're waiting for the VPN dæmon to actually > connect and use it, if we try to create _another_ device we could end up > re-using the same one -- because trying to open it again doesn't get > -EBUSY as it would while it's _actually_ busy. > > So solve this, we add an IFF_TUN_EXCL flag which causes tun_set_iff() to > fail if it would be opening an existing persistent tundevice -- so that > we can make sure we're getting an entirely _new_ device. > > Signed-off-by: David Woodhouse <David.Woodhouse@...el.com> Applied to net-next-2.6, thanks David. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists