| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e4a8a2f6-c581-46c9-98f3-16e8c68b4107@yandex.ru>
Date: Mon, 27 Jan 2025 17:58:13 +0300
From: stsp <stsp2@...dex.ru>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>,
Ondrej Mosnacek <omosnace@...hat.com>, Willem de Bruijn
<willemb@...gle.com>, Jason Wang <jasowang@...hat.com>
Cc: Jakub Kicinski <kuba@...nel.org>, network dev <netdev@...r.kernel.org>,
Linux Security Module list <linux-security-module@...r.kernel.org>,
SElinux list <selinux@...r.kernel.org>
Subject: Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group
permission check")
27.01.2025 17:50, Willem de Bruijn пишет:
> Thanks for the report Ondrej.
>
> Agreed that we need to reinstate this. I suggest this explicit
> extra branch after the more likely cases:
>
> @@ -585,6 +585,9 @@ static inline bool tun_capable(struct tun_struct *tun)
> return 1;
> if (gid_valid(tun->group) && in_egroup_p(tun->group))
> return 1;
> + if (!uid_valid(tun->owner) && !gid_valid(tun->group))
> + return 1;
> +
> return 0;
> }
>
> The intent clearly has always been to allow access if owner and group
> are not explicitly set.
Perfectly fine with me.
I'd raise the question about
the security implications, but
definitely not within this
regression subject.
Powered by blists - more mailing lists