Message-ID: <1378910647.1538.13.camel@bwh-desktop.uk.level5networks.com>
Date: Wed, 11 Sep 2013 15:44:07 +0100
From: Ben Hutchings <bhutchings@...arflare.com>
To: Stephen Hemminger <stephen@...workplumber.org>
CC: Wannes Rombouts <wannes.rombouts@...tech.eu>,
<davem@...emloft.net>, <jasowang@...hat.com>, <mst@...hat.com>,
<edumazet@...gle.com>, <nhorman@...driver.com>,
<netdev@...r.kernel.org>, Kevin Soules <kevin.soules@...tech.eu>
Subject: Re: Use-after-free in TUNSETIFF

On Tue, 2013-09-10 at 17:32 -0700, Stephen Hemminger wrote:
[...]
> [1] A user with CAP_NET_ADMIN can basically hose the system many other ways.
> Capabilities are a failed security model.
> Almost all distros limit CAP_NET_ADMIN to root anyway.

tun uses ns_capable(), not capable(). If user namespaces are enabled
then I think any user can create their own user & net namespaces, be
'root' in those namespaces and then invoke TUNSETIFF successfully.

Ben.

--
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
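
Added example, not part of the original message and not kernel source: a simplified user-space C model of the capability check, following the logic of cap_capable() in security/commoncap.c. It shows why an ns_capable() check passes for an unprivileged user inside namespaces they created while a capable() check does not. The struct layouts, enter_new_userns() and unprivileged_passes() are illustrative assumptions.

```c
/* User-space model of the kernel capability check; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#define CAP_NET_ADMIN 12
struct user_ns { struct user_ns *parent; unsigned owner; };
struct cred { unsigned euid; struct user_ns *user_ns; unsigned long long cap_effective; };
static struct user_ns init_user_ns = { NULL, 0 };

/* Does c hold cap relative to the namespace 'target'? */
static bool ns_capable(const struct cred *c, struct user_ns *target, int cap)
{
    for (struct user_ns *ns = target; ; ns = ns->parent) {
        if (ns == c->user_ns)            /* same namespace: use its cap set */
            return (c->cap_effective >> cap) & 1;
        if (ns == &init_user_ns)         /* walked to the root, no match */
            return false;
        /* the creator of a namespace holds all caps inside it */
        if (ns->parent == c->user_ns && ns->owner == c->euid)
            return true;
    }
}

/* capable() is the same check pinned to the initial namespace. */
static bool capable(const struct cred *c, int cap)
{
    return ns_capable(c, &init_user_ns, cap);
}

/* Hypothetical helper modelling unshare(CLONE_NEWUSER). */
static struct cred enter_new_userns(const struct cred *c, struct user_ns *child)
{
    child->parent = c->user_ns;
    child->owner = c->euid;
    return (struct cred){ c->euid, child, ~0ULL };
}

/* Constructed scenario: uid 1000 with no caps creates user + net namespaces. */
static bool unprivileged_passes(bool ns_aware_check)
{
    struct cred user = { 1000, &init_user_ns, 0 };
    struct user_ns child;   /* also owns the new net namespace */
    struct cred inside = enter_new_userns(&user, &child);
    return ns_aware_check ? ns_capable(&inside, &child, CAP_NET_ADMIN)
                          : capable(&inside, CAP_NET_ADMIN);
}
int main(void)
{
    printf("ns_capable: %d, capable: %d\n", unprivileged_passes(true), unprivileged_passes(false));
    return 0;
}
```
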