Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 898eeca02a55e354c42a7aa5cdfebf16c3742f44
commit898eeca02a55e354c42a7aa5cdfebf16c3742f44[log] [tgz]
authorKevin Cernekee <cernekee@chromium.org>Tue Dec 05 15:42:41 2017 -0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Jan 31 12:55:52 2018 +0100
tree1d6bb1fb72a99da4d300ed278d563cb5031d3dbd
parent2c3184ea80322347287bc7e57f782d77f478e73c [diff]
netfilter: xt_osf: Add missing permission checks

commit 916a27901de01446bcf57ecca4783f6cff493309 upstream.

The capability check in nfnetlink_rcv() verifies that the caller
has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
However, xt_osf_fingers is shared by all net namespaces on the
system.  An unprivileged user can create user and net namespaces
in which he holds CAP_NET_ADMIN to bypass the netlink_net_capable()
check:

    vpnns -- nfnl_osf -f /tmp/pf.os

    vpnns -- nfnl_osf -f /tmp/pf.os -d

These non-root operations successfully modify the systemwide OS
fingerprint list.  Add new capable() checks so that they can't.

Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 1d6bb1fb72a99da4d300ed278d563cb5031d3dbd
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS