| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20191022200923.17366-1-michal.lyszczek@bofc.pl>
Date: Tue, 22 Oct 2019 22:09:23 +0200
From: Michał Łyszczek <michal.lyszczek@...c.pl>
To: netdev@...r.kernel.org
Cc: Michał Łyszczek <michal.lyszczek@...c.pl>
Subject: [PATCH iproute2] ipnetns: do not check netns NAME when -all is specified
When `-all' argument is specified netns runs cmd on all namespaces
and NAME is not used, but netns nevertheless checks if argv[1] is a
valid namespace name ignoring the fact that argv[1] contains cmd
and not NAME. This results in bug where user cannot specify
absolute path to command.
# ip -all netns exec /usr/bin/whoami
Invalid netns name "/usr/bin/whoami"
This forces user to have his command in PATH.
Solution is simply to not validate argv[1] when `-all' argument is
specified.
Signed-off-by: Michał Łyszczek <michal.lyszczek@...c.pl>
---
ip/ipnetns.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index 20110ef0..fc58a04b 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -994,7 +994,7 @@ int do_netns(int argc, char **argv)
return netns_list(0, NULL);
}
- if (argc > 1 && invalid_name(argv[1])) {
+ if (!do_all && argc > 1 && invalid_name(argv[1])) {
fprintf(stderr, "Invalid netns name \"%s\"\n", argv[1]);
exit(-1);
}
--
2.21.0
Powered by blists - more mailing lists