leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2d7a85f4b0
linux/include
History
Eric W. Biederman 2d7a85f4b0 netlink: Only check file credentials for implicit destinations 
It was possible to get a setuid root or setcap executable to write to
it's stdout or stderr (which has been set made a netlink socket) and
inadvertently reconfigure the networking stack.

To prevent this we check that both the creator of the socket and
the currentl applications has permission to reconfigure the network
stack.

Unfortunately this breaks Zebra which always uses sendto/sendmsg
and creates it's socket without any privileges.

To keep Zebra working don't bother checking if the creator of the
socket has privilege when a destination address is specified.  Instead
rely exclusively on the privileges of the sender of the socket.

Note from Andy: This is exactly Eric's code except for some comment
clarifications and formatting fixes.  Neither I nor, I think, anyone
else is thrilled with this approach, but I'm hesitant to wait on a
better fix since 3.15 is almost here.

Note to stable maintainers: This is a mess.  An earlier series of
patches in 3.15 fix a rather serious security issue (CVE-2014-0181),
but they did so in a way that breaks Zebra.  The offending series
includes:

    commit aa4cf9452f
    Author: Eric W. Biederman <ebiederm@xmission.com>
    Date:   Wed Apr 23 14:28:03 2014 -0700

        net: Add variants of capable for use on netlink messages

If a given kernel version is missing that series of fixes, it's
probably worth backporting it and this patch.  if that series is
present, then this fix is critical if you care about Zebra.

Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-06-02 16:34:09 -07:00
..
acpi IOMMU Upates for Linux v3.15 2014-04-05 18:46:26 -07:00
asm-generic asm-generic: remove _STK_LIM_MAX 2014-05-15 00:32:09 +01:00
clocksource
crypto crypto: export NULL algorithms defines 2014-03-21 21:54:26 +08:00
drm Merge branch 'mullins' of git://people.freedesktop.org/~deathsimple/linux into drm-fixes 2014-05-07 09:10:28 +10:00
dt-bindings 3.15 fixes for AT91 2014-04-26 11:29:30 +02:00
keys
kvm
linux netlink: Only check file credentials for implicit destinations 2014-06-02 16:34:09 -07:00
math-emu
media [media] rc-core: remove generic scancode filter 2014-04-06 11:30:29 -03:00
memory
misc
net net: fix inet_getid() and ipv6_select_ident() bugs 2014-06-02 14:09:28 -07:00
pcmcia
ras
rdma Merge branches 'core', 'cxgb4', 'ip-roce', 'iser', 'misc', 'mlx4', 'nes', 'ocrdma', 'qib', 'sgwrapper', 'srp' and 'usnic' into for-next 2014-04-03 08:30:17 -07:00
rxrpc
scsi scsi: Make sure cmd_flags are 64-bit 2014-04-09 20:26:20 -06:00
sound ALSA: cs8427: separate HW initialization 2014-04-03 14:59:48 +02:00
target target/sbc: Add sbc_dif_read_strip software emulation 2014-04-07 01:48:57 -07:00
trace This contains two fixes. 2014-05-08 14:17:13 -07:00
uapi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-23 15:29:43 -07:00
video fbdev changes for 3.15 (OMAP) 2014-04-07 10:47:51 -07:00
xen xen/acpi-processor: fix enabling interrupts on syscore_resume 2014-03-18 14:40:20 +00:00
Kbuild