From: Taegu Ha
To: Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Qingfang Deng, Kees Cook, Taegu Ha, Kuniyuki Iwashima, Sebastian Andrzej Siewior, Cyrill Gorcunov, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: qingfang.deng@linux.dev, gnault@redhat.com, jaco@uls.co.za, richardbgobert@gmail.com, ericwouds@gmail.com, teknoraver@meta.com
Subject: [PATCH net v3] ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
Date: Thu, 9 Apr 2026 16:11:15 +0900
Message-ID: <20260409071117.4354-1-hataegu0826@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

/dev/ppp open is currently authorized against file->f_cred->user_ns, while unattached administrative ioctls operate on current->nsproxy->net_ns. As a result, a local unprivileged user can create a new user namespace with CLONE_NEWUSER, gain CAP_NET_ADMIN only in that new user namespace, and still issue PPPIOCNEWUNIT, PPPIOCATTACH, or PPPIOCATTCHAN against an inherited network namespace.

Require CAP_NET_ADMIN in the user namespace that owns the target network namespace before handling unattached PPP administrative ioctls. This preserves normal pppd operation in the network namespace it is actually privileged in, while rejecting the userns-only inherited-netns case.

Fixes: 273ec51dd7ce ("net: ppp_generic - introduce net-namespace functionality v2")
Signed-off-by: Taegu Ha
---
 drivers/net/ppp/ppp_generic.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index e9b41777be80..c2024684b10d 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -1057,6 +1057,9 @@ static int ppp_unattached_ioctl(struct net *net, struct ppp_file *pf, struct ppp_net *pn; int __user *p = (int __user *)arg; + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + return -EPERM; + switch (cmd) { case PPPIOCNEWUNIT: /* Create a new ppp unit */ -- 2.43.0
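Review bot: placing the ns_capable(net->user_ns, CAP_NET_ADMIN) check ahead of switch (cmd) gates every command that reaches ppp_unattached_ioctl(), not only the three ioctls the commit message names (PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN); for any command the switch does not handle, an unprivileged caller will now get -EPERM instead of whatever the default branch returns, so either move the check into those three cases or state in the commit message that the broader gate is intended. It would also help to say whether the existing open-time check against file->f_cred->user_ns is kept alongside the new one, since the description only explains why that check alone is insufficient.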