From: Vincent Bernat
To: David Ahern
Cc: David Miller, netdev@vger.kernel.org, Laurent Fasnacht
Subject: Re: [PATCH net-next v2] net: core: enable SO_BINDTODEVICE for non-root users
References: <20200331132009.1306283-1-vincent@bernat.ch> <20200402.174735.1088204254915987225.davem@davemloft.net>
Date: Tue, 27 Oct 2020 08:17:41 +0100
In-Reply-To: (David Ahern's message of "Fri, 23 Oct 2020 08:40:31 -0600")
Message-ID: <87tuugkui2.fsf@bernat.ch>
X-Mailing-List: netdev@vger.kernel.org

❦ 23 October 2020 08:40 -06, David Ahern:

>> I am wondering if we should revert the patch for 5.10 while we can,
>> waiting for a better solution (and breaking people relying on the new
>> behavior in 5.9).
>>
>> Then, I can propose a patch with a sysctl to avoid breaking existing
>> setups.
>>
>
> I have not walked the details, but it seems like a security policy can
> be installed to get the previous behavior.

libtorrent is using SO_BINDTODEVICE for some reason (code is quite old,
so no git history). Previously, the call was unsuccessful and the error
was logged and ignored. Now, it succeeds and circumvents the routing
policy. Using Netfilter does not help as libtorrent won't act on dropped
packets as the socket is already configured on the wrong interface.
kprobe is unable to modify a syscall and seccomp cannot be applied
globally. LSMs are usually distro specific.

What kind of security policy do you have in mind?

Thanks.
-- 
Don't over-comment.
            - The Elements of Programming Style (Kernighan & Plauger)