From: Andi K. <ak...@su...> - 2000-08-25 12:35:17
On Fri, Aug 25, 2000 at 01:28:42PM +0100, David Woodhouse wrote: > > ku...@ms... said: > > Ethertap device has just been replaced. > > netlink_dev is open for removal rather than for improvements. > > OK. The new Ethertap in 2.4 looks far nicer. > > 2.2 is still a problem though. I'd like to see either the new Ethertap or > this patch go in. > > Index: include/net/sock.h > =================================================================== > RCS file: /inst/cvs/linux/include/net/sock.h,v > retrieving revision 1.8 > diff -u -r1.8 sock.h > --- include/net/sock.h 2000/06/07 09:55:39 1.8 > +++ include/net/sock.h 2000/08/23 12:05:09 > @@ -115,6 +115,7 @@ > unsigned groups; > pid_t dst_pid; > unsigned dst_groups; > + int netlink_dev; > int (*handler)(int unit, struct sk_buff *skb); > atomic_t locks; > struct netlink_callback *cb; > Index: net/netlink/af_netlink.c > =================================================================== > RCS file: /inst/cvs/linux/net/netlink/af_netlink.c,v > retrieving revision 1.5 > diff -u -r1.5 af_netlink.c > --- net/netlink/af_netlink.c 2000/06/07 09:54:25 1.5 > +++ net/netlink/af_netlink.c 2000/08/23 12:05:50 > @@ -254,7 +254,8 @@ > return -EINVAL; > > /* Only superuser is allowed to listen multicasts */ > - if (nladdr->nl_groups && !capable(CAP_NET_ADMIN)) > + if (nladdr->nl_groups && !sk->protinfo.af_netlink.netlink_dev && > + !capable(CAP_NET_ADMIN)) > return -EPERM; A nlsocket with opened character devices can still be accessed via sockets too, so you just opened a security hole. -Andi |
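Review bot: The new `int netlink_dev;` member in the include/net/sock.h hunk (@@ -115,6 +115,7 @@) carries no comment, and nothing in the lines shown sets or clears it. Because the af_netlink.c hunk uses this field to skip a capability check, document next to the field what it means, which code path is allowed to set it, and when it is reset, so the permission exemption can be audited.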
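Review bot: In the net/netlink/af_netlink.c hunk (@@ -254,7 +254,8 @@), the added `!sk->protinfo.af_netlink.netlink_dev` term lets a request with non-zero `nl_groups` pass without `capable(CAP_NET_ADMIN)`, so the decision rests on per-socket state instead of the caller's privilege. Any caller that reaches this check on a socket with the flag set is allowed to listen to multicast groups regardless of capability, which is the concern raised in the reply. Consider leaving the `capable()` test as it was and assigning the groups from the device-side code instead. If the exemption stays, update the comment `/* Only superuser is allowed to listen multicasts */`, which no longer describes the condition.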