| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 08 May 2019 17:25:35 +0200
From: Lukasz Pawelczyk <l.pawelczyk@...sung.com>
To: Eric Dumazet <eric.dumazet@...il.com>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
Florian Westphal <fw@...len.de>,
"David S. Miller" <davem@...emloft.net>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: Lukasz Pawelczyk <havner@...il.com>
Subject: Re: [PATCH v2] netfilter: xt_owner: Add supplementary groups option
On Wed, 2019-05-08 at 07:58 -0700, Eric Dumazet wrote:
>
> On 5/8/19 10:12 AM, Lukasz Pawelczyk wrote:
> > The XT_SUPPL_GROUPS flag causes GIDs specified with XT_OWNER_GID to
> > be also checked in the supplementary groups of a process.
> >
> > Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@...sung.com>
> > ---
> > include/uapi/linux/netfilter/xt_owner.h | 1 +
> > net/netfilter/xt_owner.c | 23 ++++++++++++++++++++-
> > --
> > 2 files changed, 21 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/uapi/linux/netfilter/xt_owner.h
> > b/include/uapi/linux/netfilter/xt_owner.h
> > index fa3ad84957d5..d646f0dc3466 100644
> > --- a/include/uapi/linux/netfilter/xt_owner.h
> > +++ b/include/uapi/linux/netfilter/xt_owner.h
> > @@ -8,6 +8,7 @@ enum {
> > XT_OWNER_UID = 1 << 0,
> > XT_OWNER_GID = 1 << 1,
> > XT_OWNER_SOCKET = 1 << 2,
> > + XT_SUPPL_GROUPS = 1 << 3,
> > };
> >
> > struct xt_owner_match_info {
> > diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c
> > index 46686fb73784..283a1fb5cc52 100644
> > --- a/net/netfilter/xt_owner.c
> > +++ b/net/netfilter/xt_owner.c
> > @@ -91,11 +91,28 @@ owner_mt(const struct sk_buff *skb, struct
> > xt_action_param *par)
> > }
> >
> > if (info->match & XT_OWNER_GID) {
> > + unsigned int i, match = false;
> > kgid_t gid_min = make_kgid(net->user_ns, info-
> > >gid_min);
> > kgid_t gid_max = make_kgid(net->user_ns, info-
> > >gid_max);
> > - if ((gid_gte(filp->f_cred->fsgid, gid_min) &&
> > - gid_lte(filp->f_cred->fsgid, gid_max)) ^
> > - !(info->invert & XT_OWNER_GID))
> > + struct group_info *gi = filp->f_cred->group_info;
> > +
> > + if (gid_gte(filp->f_cred->fsgid, gid_min) &&
> > + gid_lte(filp->f_cred->fsgid, gid_max))
> > + match = true;
> > +
> > + if (!match && (info->match & XT_SUPPL_GROUPS) && gi) {
> > + for (i = 0; i < gi->ngroups; ++i) {
> > + kgid_t group = gi->gid[i];
> > +
> > + if (gid_gte(group, gid_min) &&
> > + gid_lte(group, gid_max)) {
> > + match = true;
> > + break;
> > + }
> > + }
> > + }
> > +
> > + if (match ^ !(info->invert & XT_OWNER_GID))
> > return false;
> > }
> >
> >
>
> How can this be safe on SMP ?
>
>From what I see after the group_info rework some time ago this struct
is never modified. It's replaced. Would get_group_info/put_group_info
around the code be enough?
--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics
Powered by blists - more mailing lists