Message-ID: <87y4xqtnrq.fsf@x220.int.ebiederm.org>
Date: Sat, 24 May 2014 22:45:13 -0700
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Jiri Benc <jbenc@...hat.com>,
Andy Lutomirski <luto@...capital.net>,
David Miller <davem@...emloft.net>,
"Jorge Boncompte [DTI2]" <jorge@...2.net>,
Vivek Goyal <vgoyal@...hat.com>,
Simo Sorce <ssorce@...hat.com>,
"security@kernel.org" <security@...nel.org>,
Network Development <netdev@...r.kernel.org>,
"Serge E. Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH 5/5] net: Use netlink_ns_capable to verify the permissions of netlink messages
Linus Torvalds <torvalds@...ux-foundation.org> writes:
> On Fri, May 23, 2014 at 4:25 PM, Eric W. Biederman
> <ebiederm@...ssion.com> wrote:
>>
>> I have not seen consensus that what Zebra is doing makes sense to
>> support.
>
> Eric, stop right there.
>
> There is no "sensible to support". There is only "reality".
>
> The thing that makes "reality" be "reality" is that it exists whether
> you like it or not, or whether you believe in it or not.
>
> We don't break applications. Whether you like them or not is
> completely immaterial.
You stop right there. You are shooting the messenger.

I like Zebra just fine, and I hate breaking applications.

We don't retain bug compatibility when the semantics of kernel
interfaces are security vulnerabilities.

I don't appreciate being shot when I am just the messenger saying that
there is not a known fix for Zebra, that it might be unfixable, and that
no one had thought of anything.

What Andy Lutomirski suggested of checking permissions at connect time
will break a whole lot more than just Zebra. Unprivileged connect is a
supported feature in netlink, and all information rtnetlink queries
are non-privileged, as is listening to rtnetlink broadcasts of network
state changes.

In concrete form, no special privileges are required to run "ip link" or
"ip monitor". Those among other commands are what Andy has proposed
breaking, all in the name of "supporting" Zebra.

I care just enough that I have thrown a patch over the wall and we will see
if it sticks.

Eric