From: David Miller <davem@davemloft.net>
To: ebiederm@xmission.com
Cc: vgoyal@redhat.com, ssorce@redhat.com, security@kernel.org,
luto@amacapital.net, netdev@vger.kernel.org, serge@hallyn.com
Subject: Re: [PATCH 0/5]: Preventing abuse when passing file descriptors
Date: Thu, 24 Apr 2014 13:45:30 -0400 (EDT) [thread overview]
Message-ID: <20140424.134530.1161118921944818883.davem@davemloft.net> (raw)
In-Reply-To: <87a9bbeo2o.fsf_-_@x220.int.ebiederm.org>
From: ebiederm@xmission.com (Eric W. Biederman)
Date: Wed, 23 Apr 2014 14:24:47 -0700
> Andy Lutomirski when looking at the networking stack noticed that it is
> possible to trick privilged processes into calling write on a netlink
> socket and send netlink messages they did not intend.
>
> In particular from time to time there are suid applications that will
> write to stdout or stderr without checking exactly what kind of file
> descriptors those are and can be tricked into acting as a limited form
> of suid cat. In other conversations the magic string CVE-2014-0181 has
> been used to talk about this issue.
>
> This patchset cleans things up a bit, adds some clean abstractions that
> when used prevent this kind of problem and then finally changes all of
> the handlers of netlink messages that I could find that call capable to
> use netlink_ns_capable or an appropriate wrapper.
>
> The abstraction netlink_ns_capable verifies that the original creator of
> the netlink socket a message is sent from had the necessary capabilities
> as well as verifying that the current sender of a netlink packet has the
> necessary capabilities.
>
> The idea is to prevent file descriptor passing of any form from
> resulting in a file descriptor that can do more than it can for the
> creator of the file descriptor.
Series applied, thanks Eric.
prev parent reply other threads:[~2014-04-24 17:45 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CALCETrUaYhh6Dkzn0TMEUz-GEO9-6ObByk5d_xRViSMBbp5Pkg@mail.gmail.com>
[not found] ` <cover.1397840611.git.luto@amacapital.net>
[not found] ` <6daf425e2023266d52d181e4d2ee18747d4f1fa8.1397840611.git.luto@amacapital.net>
[not found] ` <87tx9nuxf6.fsf@x220.int.ebiederm.org>
[not found] ` <CALCETrUqNVRBse4rUeUKfgYt0d+9x1JrEHGcZ_DnWyq7W6Yyzw@mail.gmail.com>
[not found] ` <87r44qtabz.fsf@x220.int.ebiederm.org>
[not found] ` <CALCETrWzUQ7QjykT85ExDfX-+9eDD-D-dcxofUMPvLK=ia9arg@mail.gmail.com>
[not found] ` <87r44qrt8v.fsf_-_@x220.int.ebiederm.org>
2014-04-22 21:13 ` [PATCH 0/6]: Preventing abuse when passing file descriptors Eric W. Biederman
2014-04-22 21:14 ` [PATCH 1/6] netlink: Rename netlink_capable netlink_allowed Eric W. Biederman
2014-04-22 21:15 ` [PATCH 2/6] net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump Eric W. Biederman
2014-04-22 21:15 ` [PATCH 3/6] net: Fix ns_capable check in packet_diag_dump Eric W. Biederman
2014-04-22 21:16 ` [PATCH 4/6] net: Add variants of capable for use on on sockets Eric W. Biederman
2014-04-22 21:16 ` [PATCH 5/6] net: Add variants of capable for use on netlink messages Eric W. Biederman
2014-04-22 21:17 ` [PATCH 6/6] net: Use netlink_ns_capable to verify the permisions of " Eric W. Biederman
2014-04-23 19:32 ` [PATCH 0/6]: Preventing abuse when passing file descriptors David Miller
2014-04-23 21:24 ` [PATCH 0/5]: " Eric W. Biederman
2014-04-23 21:25 ` [PATCH 1/5] netlink: Rename netlink_capable netlink_allowed Eric W. Biederman
2014-04-23 21:26 ` [PATCH 2/5] net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump Eric W. Biederman
2014-04-23 21:26 ` [PATCH 3/5] net: Add variants of capable for use on on sockets Eric W. Biederman
2014-04-23 21:28 ` [PATCH 4/5] net: Add variants of capable for use on netlink messages Eric W. Biederman
2014-04-23 21:29 ` [PATCH 5/5] net: Use netlink_ns_capable to verify the permisions of " Eric W. Biederman
2014-05-07 22:18 ` Jorge Boncompte [DTI2]
2014-05-07 22:26 ` Andy Lutomirski
2014-05-07 22:52 ` David Miller
2014-05-07 23:01 ` Andy Lutomirski
2014-05-07 23:34 ` Linus Torvalds
2014-05-07 23:45 ` Andy Lutomirski
2014-05-22 15:05 ` Jiri Benc
2014-05-23 23:25 ` Eric W. Biederman
2014-05-23 23:51 ` Linus Torvalds
2014-05-24 22:34 ` David Miller
2014-05-25 5:38 ` [RFC][PATCH] netlink: Only check file credentials for implicit destinations Eric W. Biederman
2014-05-25 16:50 ` Andy Lutomirski
2014-05-25 23:44 ` Eric W. Biederman
2014-05-26 0:32 ` Linus Torvalds
2014-05-26 5:36 ` [RFC][PATCH 2/1] netlink: Use the credential at the time the destination address was set Eric W. Biederman
2014-05-26 17:19 ` Andy Lutomirski
2014-05-27 4:24 ` Eric W. Biederman
2014-05-26 13:39 ` [RFC][PATCH] netlink: Only check file credentials for implicit destinations Willy Tarreau
2014-05-26 8:38 ` Michael Kerrisk (man-pages)
2014-05-25 5:45 ` [PATCH 5/5] net: Use netlink_ns_capable to verify the permisions of netlink messages Eric W. Biederman
2014-05-25 16:27 ` Andy Lutomirski
2014-05-08 21:29 ` Stephen Hemminger
2014-05-08 21:32 ` Andy Lutomirski
[not found] ` <CA+55aFzOHZcw2o6Cq6rSddSBDZvhgzYToBruak9SLCHxx-fA3Q@mail.gmail.com>
2014-05-08 21:49 ` Andy Lutomirski
2014-05-08 22:07 ` Stephen Hemminger
2014-05-08 21:54 ` David Miller
2014-05-07 23:45 ` David Miller
2014-05-08 21:21 ` Stephen Hemminger
2014-05-08 21:52 ` David Miller
2014-05-08 21:54 ` Andy Lutomirski
2014-04-24 17:45 ` David Miller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140424.134530.1161118921944818883.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=ebiederm@xmission.com \
--cc=luto@amacapital.net \
--cc=netdev@vger.kernel.org \
--cc=security@kernel.org \
--cc=serge@hallyn.com \
--cc=ssorce@redhat.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).