lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140508142121.2c68bcc3@nehalam.linuxnetplumber.net>
Date:	Thu, 8 May 2014 14:21:21 -0700
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	David Miller <davem@...emloft.net>
Cc:	luto@...capital.net, jorge@...2.net, ebiederm@...ssion.com,
	vgoyal@...hat.com, ssorce@...hat.com, security@...nel.org,
	netdev@...r.kernel.org, serge@...lyn.com
Subject: Re: [PATCH 5/5] net: Use netlink_ns_capable to verify the
 permisions of netlink messages

On Wed, 07 May 2014 19:45:14 -0400 (EDT)
David Miller <davem@...emloft.net> wrote:

> From: Andy Lutomirski <luto@...capital.net>
> Date: Wed, 7 May 2014 16:01:33 -0700
> 
> > On Wed, May 7, 2014 at 3:52 PM, David Miller <davem@...emloft.net> wrote:
> >> From: Andy Lutomirski <luto@...capital.net>
> >> Date: Wed, 7 May 2014 15:26:11 -0700
> >>
> >>> So what do we do?  Check permissions on connect and then use the
> >>> cached result for send on a connected socket?  Check permitted caps
> >>> instead of effective caps?
> >>
> >> It should create the socket after changing perms.
> > 
> > I agree that it should, but it doesn't, and if these patches get
> > backported, things will break.  OTOH, if the patches don't get
> > backported, things may still break, and we have a possibly rather
> > severe unfixed vulnerability.
> 
> I think the kernel change is justified as the privilege allowance
> that happened before was very much unintentional and as you've
> shown us countless times a very real problem that we must fix.

One of the problems here is that Quagga may generate millions of
netlink messages to change routes in response to link flap.
Raising/lowering the permissions around each request would have
a significant performance impact.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ