| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87bnvtnjzw.fsf_-_@x220.int.ebiederm.org>
Date: Tue, 22 Apr 2014 14:15:47 -0700
From: ebiederm@...ssion.com (Eric W. Biederman)
To: "David S. Miller" <davem@...emloft.net>
Cc: Vivek Goyal <vgoyal@...hat.com>, Simo Sorce <ssorce@...hat.com>,
"security\@kernel.org" <security@...nel.org>,
Andy Lutomirski <luto@...capital.net>,
<netdev@...r.kernel.org>, "Serge E. Hallyn" <serge@...lyn.com>
Subject: [PATCH 3/6] net: Fix ns_capable check in packet_diag_dump
The caller needs capabilities on the namespace being queried, not on
their own namespace. This is a security bug, although it likely has
only a minor impact.
Reported-by: Andy Lutomirski <luto@...capital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
---
net/packet/diag.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/packet/diag.c b/net/packet/diag.c
index f5ad130ee3b8..b34d0de24091 100644
--- a/net/packet/diag.c
+++ b/net/packet/diag.c
@@ -194,8 +194,7 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
net = sock_net(skb->sk);
req = nlmsg_data(cb->nlh);
- may_report_filterinfo =
- ns_capable(sk_user_ns(NETLINK_CB(cb->skb).sk), CAP_NET_ADMIN);
+ may_report_filterinfo = ns_capable(net->user_ns, CAP_NET_ADMIN);
mutex_lock(&net->packet.sklist_lock);
sk_for_each(sk, &net->packet.sklist) {
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists