netdev.vger.kernel.org archive mirror
* [PATCH 2.6.17-rc1] Fix RtNetlink ENCODE security permissions
@ 2006-04-14 17:47 Jean Tourrilhes
  2006-04-14 17:59 ` Randy.Dunlap
  0 siblings, 1 reply; 4+ messages in thread
From: Jean Tourrilhes @ 2006-04-14 17:47 UTC (permalink / raw)
  To: John W. Linville, netdev

	Hi John,

	I've just realised that the RtNetlink code does not check the
permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
any user can read the encryption keys. The fix is trivial and should
go in 2.6.17 alongside the two other patches I sent you last week.
	Fully tested on 2.6.17-rc1.

	Have fun...

	Jean

Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com>

-----------------------------------------------------------

diff -u -p linux/net/core/wireless.j1.c linux/net/core/wireless.c
--- linux/net/core/wireless.j1.c	2006-04-13 18:29:49.000000000 -0700
+++ linux/net/core/wireless.c	2006-04-13 18:35:59.000000000 -0700
@@ -1726,6 +1726,14 @@ int wireless_rtnetlink_get(struct net_de
 	if(!IW_IS_GET(request->cmd))
 		return -EOPNOTSUPP;
 
+	/* If command is `get the encoding parameters', check if
+	 * the user has the right to do it */
+	if (request->cmd == SIOCGIWENCODE ||
+	    request->cmd == SIOCGIWENCODEEXT) {
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+	}
+
 	/* Special cases */
 	if(request->cmd == SIOCGIWSTATS)
 		/* Get Wireless Stats */
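Review bot: placement looks right and only style points remain: the check sits directly after the `IW_IS_GET` gate and before the `SIOCGIWSTATS` special case and any driver dispatch, so no GET path in this function can hand the encoding parameters to a caller without `CAP_NET_ADMIN`. Two small things against the surrounding code: the file writes `if(` without a space (`if(!IW_IS_GET(request->cmd))`, `if(request->cmd == SIOCGIWSTATS)`) while the added lines use `if (`, and the nested `if` with braces can fold into one condition, e.g. `if((request->cmd == SIOCGIWENCODE || request->cmd == SIOCGIWENCODEEXT) && !capable(CAP_NET_ADMIN)) return -EPERM;`. The comment could also state that this is the GET-side counterpart of the privilege check on the ioctl path, if one exists there, so the two stay in sync when new encode commands are added.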



* Re: [PATCH 2.6.17-rc1] Fix RtNetlink ENCODE security permissions
  2006-04-14 17:47 [PATCH 2.6.17-rc1] Fix RtNetlink ENCODE security permissions Jean Tourrilhes
@ 2006-04-14 17:59 ` Randy.Dunlap
  2006-04-14 18:06   ` [stable] " Greg KH
  2006-04-14 18:06   ` Jean Tourrilhes
  0 siblings, 2 replies; 4+ messages in thread
From: Randy.Dunlap @ 2006-04-14 17:59 UTC (permalink / raw)
  To: jt; +Cc: linville, netdev, stable

On Fri, 14 Apr 2006 10:47:26 -0700 Jean Tourrilhes wrote:

> 	Hi John,
> 
> 	I've just realised that the RtNetlink code does not check the
> permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
> any user can read the encryption keys. The fix is trivial and should
> go in 2.6.17 alongside the two other patches I sent you last week.
> 	Fully tested on 2.6.17-rc1.

and for -stable ??

> 	Have fun...
> 
> 	Jean
> 
> Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com>
> 
> -----------------------------------------------------------
> 
> diff -u -p linux/net/core/wireless.j1.c linux/net/core/wireless.c
> --- linux/net/core/wireless.j1.c	2006-04-13 18:29:49.000000000 -0700
> +++ linux/net/core/wireless.c	2006-04-13 18:35:59.000000000 -0700
> @@ -1726,6 +1726,14 @@ int wireless_rtnetlink_get(struct net_de
>  	if(!IW_IS_GET(request->cmd))
>  		return -EOPNOTSUPP;
>  
> +	/* If command is `get the encoding parameters', check if
> +	 * the user has the right to do it */
> +	if (request->cmd == SIOCGIWENCODE ||
> +	    request->cmd == SIOCGIWENCODEEXT) {
> +		if (!capable(CAP_NET_ADMIN))
> +			return -EPERM;
> +	}
> +
>  	/* Special cases */
>  	if(request->cmd == SIOCGIWSTATS)
>  		/* Get Wireless Stats */
> 


---
~Randy


* Re: [stable] Re: [PATCH 2.6.17-rc1] Fix RtNetlink ENCODE security permissions
  2006-04-14 17:59 ` Randy.Dunlap
@ 2006-04-14 18:06   ` Greg KH
  2006-04-14 18:06   ` Jean Tourrilhes
  1 sibling, 0 replies; 4+ messages in thread
From: Greg KH @ 2006-04-14 18:06 UTC (permalink / raw)
  To: Randy.Dunlap; +Cc: jt, netdev, linville, stable

On Fri, Apr 14, 2006 at 10:59:13AM -0700, Randy.Dunlap wrote:
> On Fri, 14 Apr 2006 10:47:26 -0700 Jean Tourrilhes wrote:
> 
> > 	Hi John,
> > 
> > 	I've just realised that the RtNetlink code does not check the
> > permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
> > any user can read the encryption keys. The fix is trivial and should
> > go in 2.6.17 alongside the two other patches I sent you last week.
> > 	Fully tested on 2.6.17-rc1.
> 
> and for -stable ??

At first glance, I'd agree with this.  Jean?

thanks,

greg k-h


* Re: [PATCH 2.6.17-rc1] Fix RtNetlink ENCODE security permissions
  2006-04-14 17:59 ` Randy.Dunlap
  2006-04-14 18:06   ` [stable] " Greg KH
@ 2006-04-14 18:06   ` Jean Tourrilhes
  1 sibling, 0 replies; 4+ messages in thread
From: Jean Tourrilhes @ 2006-04-14 18:06 UTC (permalink / raw)
  To: Randy.Dunlap; +Cc: linville, netdev, stable

On Fri, Apr 14, 2006 at 10:59:13AM -0700, Randy.Dunlap wrote:
> On Fri, 14 Apr 2006 10:47:26 -0700 Jean Tourrilhes wrote:
> 
> > 	Hi John,
> > 
> > 	I've just realised that the RtNetlink code does not check the
> > permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
> > any user can read the encryption keys. The fix is trivial and should
> > go in 2.6.17 alongside the two other patches I sent you last week.
> > 	Fully tested on 2.6.17-rc1.
> 
> and for -stable ??

	The RtNetlink code (WE-20) was only included in 2.6.17-rc1 and
therefore is not available in 2.6.16.

	Jean

