Message-Id: <20140602.163451.2020310558428252845.davem@davemloft.net>
Date: Mon, 02 Jun 2014 16:34:51 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: luto@...capital.net
Cc: ebiederm@...ssion.com, security@...nel.org, netdev@...r.kernel.org,
torvalds@...ux-foundation.org, jorge@...2.net, jbenc@...hat.com,
vgoyal@...hat.com, ssorce@...hat.com, serge@...lyn.com
Subject: Re: [PATCH urgent] netlink: Only check file credentials for implicit destinations
From: Andy Lutomirski <luto@...capital.net>
Date: Fri, 30 May 2014 11:04:00 -0700
> From: "Eric W. Biederman" <ebiederm@...ssion.com>
>
> It was possible to get a setuid root or setcap executable to write to
> its stdout or stderr (which has been made a netlink socket) and
> inadvertently reconfigure the networking stack.
>
> To prevent this we check that both the creator of the socket and
> the current application have permission to reconfigure the network
> stack.
>
> Unfortunately this breaks Zebra which always uses sendto/sendmsg
> and creates its socket without any privileges.
>
> To keep Zebra working don't bother checking if the creator of the
> socket has privilege when a destination address is specified. Instead
> rely exclusively on the privileges of the sender of the socket.
>
> Note from Andy: This is exactly Eric's code except for some comment
> clarifications and formatting fixes. Neither I nor, I think, anyone
> else is thrilled with this approach, but I'm hesitant to wait on a
> better fix since 3.15 is almost here.
>
> Note to stable maintainers: This is a mess. An earlier series of
> patches in 3.15 fix a rather serious security issue (CVE-2014-0181),
> but they did so in a way that breaks Zebra. The offending series
> includes:
>
> commit aa4cf9452f469f16cea8c96283b641b4576d4a7b
> Author: Eric W. Biederman <ebiederm@...ssion.com>
> Date: Wed Apr 23 14:28:03 2014 -0700
>
> net: Add variants of capable for use on netlink messages
>
> If a given kernel version is missing that series of fixes, it's
> probably worth backporting it and this patch. If that series is
> present, then this fix is critical if you care about Zebra.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
> Signed-off-by: Andy Lutomirski <luto@...capital.net>
Applied, thanks Andy.