Netdev List
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: Stas Sergeev <stsp2@yandex.ru>,  linux-kernel@vger.kernel.org
Cc: Stas Sergeev <stsp2@yandex.ru>,
	 Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
	 Jason Wang <jasowang@redhat.com>,
	 Andrew Lunn <andrew+netdev@lunn.ch>,
	 "David S. Miller" <davem@davemloft.net>,
	 Eric Dumazet <edumazet@google.com>,
	 Jakub Kicinski <kuba@kernel.org>,
	 Paolo Abeni <pabeni@redhat.com>,
	 netdev@vger.kernel.org,  agx@sigxcpu.org,
	 jdike@linux.intel.com
Subject: Re: [PATCH net-next] tun: fix group permission check
Date: Sun, 17 Nov 2024 10:04:24 -0500	[thread overview]
Message-ID: <673a05f83211d_11eccf2940@willemb.c.googlers.com.notmuch> (raw)
In-Reply-To: <20241117090514.9386-1-stsp2@yandex.ru>

Stas Sergeev wrote:
> Currently tun checks the group permission even if the user has matched.
> Besides going against the usual permission semantics, this has a
> very interesting implication: if the tun group is not among the
> supplementary groups of the tun user, then effectively no one can
> access the tun device. CAP_SYS_ADMIN still can, but it's the same as
> not setting the tun ownership.
> 
> This patch relaxes the group checking so that either the user match
> or the group match is enough. This avoids the situation when no one
> can access the device even though the ownership is properly set.
> 
> Also I simplified the logic by removing the redundant inversions:
> tun_not_capable() --> !tun_capable()
> 
> Signed-off-by: Stas Sergeev <stsp2@yandex.ru>

This behavior goes back through many patches to commit 8c644623fe7e:

    [NET]: Allow group ownership of TUN/TAP devices.

    Introduce a new syscall TUNSETGROUP for group ownership setting of tap
    devices. The user now is allowed to send packages if either his euid or
    his egid matches the one specified via tunctl (via -u or -g
    respectively). If both, gid and uid, are set via tunctl, both have to
    match.

The choice evidently was on purpose. Even if indeed non-standard.
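As an added example (not code from the kernel, the patch, or anyone in this thread), the following user-space C model puts the two rules discussed above side by side: the both-must-match rule from commit 8c644623fe7e and the either-match rule the patch proposes. The struct layouts, the INVALID_ID sentinel, the `admin` flag standing in for the capability override, and the uid/gid values are assumptions for illustration; the constructed callers reproduce the lockout case from the patch description, where the owning uid is not a member of the owning gid.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* INVALID_ID models an unset owner/group (assumption, not the kernel's kuid/kgid API). */
#define INVALID_ID ((unsigned)-1)

struct cred {
    unsigned euid;
    unsigned egid;
    const unsigned *groups;  /* supplementary groups */
    size_t ngroups;
    bool admin;              /* stands in for the capability override (assumption) */
};

struct tun_owner {
    unsigned owner;  /* set via TUNSETOWNER, INVALID_ID if unset */
    unsigned group;  /* set via TUNSETGROUP, INVALID_ID if unset */
};

/* Group membership the way in_egroup_p() checks it: egid or a supplementary group. */
static bool in_egroup_p(const struct cred *c, unsigned gid)
{
    if (c->egid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Semantics from commit 8c644623fe7e: every configured id must match. */
bool tun_capable_both(const struct cred *c, const struct tun_owner *t)
{
    bool uid_mismatch = t->owner != INVALID_ID && c->euid != t->owner;
    bool gid_mismatch = t->group != INVALID_ID && !in_egroup_p(c, t->group);

    return c->admin || !(uid_mismatch || gid_mismatch);
}

/* Semantics proposed in the patch: a match on either configured id suffices. */
bool tun_capable_either(const struct cred *c, const struct tun_owner *t)
{
    bool uid_match = t->owner != INVALID_ID && c->euid == t->owner;
    bool gid_match = t->group != INVALID_ID && in_egroup_p(c, t->group);

    if (c->admin)
        return true;
    if (t->owner == INVALID_ID && t->group == INVALID_ID)
        return true;  /* no ownership configured: unrestricted, as before */
    return uid_match || gid_match;
}

/* Constructed callers: the device is owned by uid 1000 and gid 2000, but
 * uid 1000 is not a member of gid 2000 (the lockout case from the patch). */
static const unsigned owner_groups[]  = { 1000 };
static const unsigned member_groups[] = { 1001, 2000 };
static const unsigned other_groups[]  = { 1002 };

const struct cred tun_owner_cred  = { 1000, 1000, owner_groups,  1, false };
const struct cred tun_member_cred = { 1001, 1001, member_groups, 2, false };
const struct cred tun_other_cred  = { 1002, 1002, other_groups,  1, false };
const struct tun_owner tun_ug     = { 1000, 2000 };

typedef bool (*tun_check_fn)(const struct cred *, const struct tun_owner *);

/* Number of the three constructed callers a given check lets through. */
int count_allowed(tun_check_fn check)
{
    const struct cred *callers[] = { &tun_owner_cred, &tun_member_cred, &tun_other_cred };
    int n = 0;

    for (size_t i = 0; i < 3; i++)
        n += check(callers[i], &tun_ug);
    return n;
}

int main(void)
{
    const struct cred *callers[] = { &tun_owner_cred, &tun_member_cred, &tun_other_cred };
    const char *names[] = { "owner (uid 1000, not in gid 2000)",
                            "group member (uid 1001, in gid 2000)",
                            "unrelated (uid 1002)" };

    for (size_t i = 0; i < 3; i++)
        printf("%-40s both=%d either=%d\n", names[i],
               tun_capable_both(callers[i], &tun_ug),
               tun_capable_either(callers[i], &tun_ug));
    printf("allowed: both-must-match=%d, either-matches=%d\n",
           count_allowed(tun_capable_both), count_allowed(tun_capable_either));
    return 0;
}
```

With both ids set and no caller holding both, the original rule admits nobody without the capability override, which is the situation the patch describes; the either-match rule admits the owner and the group member but still rejects the unrelated uid. Note that either rule is unchanged when only one id is configured, so the behavioural difference is confined to devices that set both.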


Thread overview: 16+ messages
2024-11-17  9:05 [PATCH net-next] tun: fix group permission check Stas Sergeev
2024-11-17 15:04 ` Willem de Bruijn [this message]
2024-11-18 21:40   ` Willem de Bruijn
2024-11-19 10:51     ` Paolo Abeni
2024-11-19 10:54       ` stsp
2024-11-19  9:42   ` stsp
2024-11-19 14:56     ` Willem de Bruijn
  -- strict thread matches above, loose matches on Subject: below --
2024-12-05  7:36 Stas Sergeev
2024-12-05 16:50 ` Willem de Bruijn
2024-12-06  2:42   ` Jason Wang
2024-12-08  1:44 ` Jakub Kicinski
2024-12-08  1:44   ` Jakub Kicinski
2024-12-08  6:53   ` stsp
2024-12-09 21:44     ` Jakub Kicinski
2024-12-09 21:53       ` stsp
2024-12-08  1:50 ` patchwork-bot+netdevbpf
