lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Jan 2015 17:20:38 -0500 (EST) From: David Miller <davem@...emloft.net> To: johannes@...solutions.net Cc: netdev@...r.kernel.org, jeff.layton@...marydata.com, sedat.dilek@...il.com, johannes.berg@...el.com Subject: Re: [PATCH v3 2/3] genetlink: disallow subscribing to unknown mcast groups From: Johannes Berg <johannes@...solutions.net> Date: Fri, 16 Jan 2015 11:37:13 +0100 > From: Johannes Berg <johannes.berg@...el.com> > > Jeff Layton reported that he could trigger the multicast unbind warning > in generic netlink using trinity. I originally thought it was a race > condition between unregistering the generic netlink family and closing > the socket, but there's a far simpler explanation: genetlink currently > allows subscribing to groups that don't (yet) exist, and the warning is > triggered when unsubscribing again while the group still doesn't exist. > > Originally, I had a warning in the subscribe case and accepted it out of > userspace API concerns, but the warning was of course wrong and removed > later. > > However, I now think that allowing userspace to subscribe to groups that > don't exist is wrong and could possibly become a security problem: > Consider a (new) genetlink family implementing a permission check in > the mcast_bind() function similar to the like the audit code does today; > it would be possible to bypass the permission check by guessing the ID > and subscribing to the group it exists. This is only possible in case a > family like that would be dynamically loaded, but it doesn't seem like a > huge stretch, for example wireless may be loaded when you plug in a USB > device. > > To avoid this reject such subscription attempts. > > If this ends up causing userspace issues we may need to add a workaround > in af_netlink to deny such requests but not return an error. > > Reported-by: Jeff Layton <jeff.layton@...marydata.com> > Signed-off-by: Johannes Berg <johannes.berg@...el.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists