lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1263340440.6844.110.camel@w-sridhar.beaverton.ibm.com>
Date:	Tue, 12 Jan 2010 15:54:00 -0800
From:	Sridhar Samudrala <sri@...ibm.com>
To:	David Miller <davem@...emloft.net>
Cc:	netdev <netdev@...r.kernel.org>
Subject: [PATCH] Add CAP_NET_RAW checks to bind() and sendmsg() on a
 AF_PACKET socket

CAP_NET_RAW capability check is currently done only when creating
a PF_PACKET socket. But there are so such checks when doing a bind()
to a specific interface or sending a message to a specific interface
via sendmsg() with msg->msg_name.

So when a packet socket fd is passed to an un-privileged process, it
can do a re-bind or send a message to any interface.
We ran into this case when considering using raw socket backend for
KVM guests with libvirt opening the packet socket and passing the fd to
an un-priviliged qemu process.

The following patch adds CAP_NET_RAW checks to bind() and sendmsg()
with msg_name calls.

Signed-off-by: Sridhar Samudrala <sri@...ibm.com>

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -958,6 +958,9 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
 		proto	= po->num;
 		addr	= NULL;
 	} else {
+		if (!capable(CAP_NET_RAW))
+			return -EACCES;
+
 		err = -EINVAL;
 		if (msg->msg_namelen < sizeof(struct sockaddr_ll))
 			goto out;
@@ -1075,6 +1078,9 @@ static int packet_snd(struct socket *sock,
 		proto	= po->num;
 		addr	= NULL;
 	} else {
+		if (!capable(CAP_NET_RAW))
+			return -EACCES;
+
 		err = -EINVAL;
 		if (msg->msg_namelen < sizeof(struct sockaddr_ll))
 			goto out;
@@ -1284,6 +1290,8 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
 	struct net_device *dev;
 	int err = -ENODEV;
 
+	if (!capable(CAP_NET_RAW))
+		return -EACCES;
 	/*
 	 *	Check legality
 	 */
@@ -1307,6 +1315,8 @@ static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len
 	struct net_device *dev = NULL;
 	int err;
 
+	if (!capable(CAP_NET_RAW))
+		return -EACCES;
 
 	/*
 	 *	Check legality


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ