| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Dec 2020 12:22:11 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Petr Machata <me@...chata.org>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
Alexander Duyck <alexander.h.duyck@...el.com>,
Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@...el.com>,
Jeff Kirsher <jeffrey.t.kirsher@...el.com>
Subject: Re: [PATCH net] net: dcb: Validate netlink message in DCB handler
On Tue, 22 Dec 2020 22:49:44 +0100 Petr Machata wrote:
> DCB uses the same handler function for both RTM_GETDCB and RTM_SETDCB
> messages. dcb_doit() bounces RTM_SETDCB mesasges if the user does not have
> the CAP_NET_ADMIN capability.
>
> However, the operation to be performed is not decided from the DCB message
> type, but from the DCB command. Thus DCB_CMD_*_GET commands are used for
> reading DCB objects, the corresponding SET and DEL commands are used for
> manipulation.
>
> The assumption is that set-like commands will be sent via an RTM_SETDCB
> message, and get-like ones via RTM_GETDCB. However, this assumption is not
> enforced.
>
> It is therefore possible to manipulate DCB objects without CAP_NET_ADMIN
> capability by sending the corresponding command in an RTM_GETDCB message.
> That is a bug. Fix it by validating the type of the request message against
> the type used for the response.
>
> Fixes: 2f90b8657ec9 ("ixgbe: this patch adds support for DCB to the kernel and ixgbe driver")
> Signed-off-by: Petr Machata <me@...chata.org>
Applied, thanks!
Powered by blists - more mailing lists