lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 15 Aug 2014 17:52:08 +0800
From:	wangyufen <wangyufen@...wei.com>
To:	David Miller <davem@...emloft.net>
CC:	<netdev@...r.kernel.org>, <stable@...r.kernel.org>
Subject: Re: your netlink permission checks backport to v3.4

On 2014/8/8 4:53, David Miller wrote:
> 
> I don't think you properly compile tested this code:
> 
> diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
> index c00e307..b79ce1e 100644
> --- a/net/decnet/dn_dev.c
> +++ b/net/decnet/dn_dev.c
> @@ -440,7 +440,7 @@ int dn_dev_ioctl(unsigned int cmd, void __user *arg)
>  	case SIOCGIFADDR:
>  		break;
>  	case SIOCSIFADDR:
> -		if (!capable(CAP_NET_ADMIN))
> +		if (!netlink_capable(skb, CAP_NET_ADMIN))
>  			return -EACCES;
>  		if (sdn->sdn_family != AF_DECnet)
>  			return -EINVAL;
> 
> There is no "skb" variable in this function.
> 
> I think we're at the point where this backport makes no sense to submit
> to the -stable tree.
> 
> Multiple rounds of attempting to backport these changes has been tries
> and all such attempts have had problems.  Compile problems, authorship
> errors, lack of follow-up bug fixes, etc.
> 
> This is why I did not try to backport these changes to v3.4 and
> earlier.  The possiblity for introducing more regressions is larger
> than the benefit from including these changes.
> 
> Please do not ask me to include this backport into my v3.4 -stable
> series submissions any longer, thank you.
> 
> Sorry.
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

I did not open the CONFIG_DECNET option and the code did not build-in.
It's my first time to do backport. I'm ashamed that I made so many mistakes.

Sincerely sorry to trouble you so much.


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists