lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Jun 2016 22:02:02 -0700 From: Andi Kleen <andi@...stfloor.org> To: Shanker Wang <shanker@...a.tsinghua.edu.cn> Cc: netdev@...r.kernel.org, Hannes Frederic Sowa <hannes@...essinduktion.org>, Richard Weinberger <richard.weinberger@...il.com>, Guillaume Nault <g.nault@...halink.fr>, Miao Wang <shankerwangmiao@...il.com> Subject: Re: [PATCH] net:ppp: replace too strict capability restriction on opening /dev/ppp Shanker Wang <shanker@...a.tsinghua.edu.cn> writes: > This patch removes the check for CAP_NET_ADMIN in the initial namespace > when opening /dev/open. Instead, CAP_NET_ADMIN is checked in the user > namespace the net namespace was created so that /dev/ppp cat get opened > in a unprivileged container. Seems dangerous. From a quick look at the PPP ioctl there is no limit how many PPP devices this can create. So a container having access to this would be able to fill all kernel memory. Probably needs more auditing and hardening first. In general there seems to be a lot of attack surface for root in PPP. -Andi -- ak@...ux.intel.com -- Speaking for myself only
Powered by blists - more mailing lists