linux-stable/include/net
Ido Schimmel d9478fe0a8 drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
commit e03781879a upstream.

The "NET_DM" generic netlink family notifies drop locations over the
"events" multicast group. This is problematic since by default generic
netlink allows non-root users to listen to these notifications.

Fix by adding a new field to the generic netlink multicast group
structure that when set prevents non-root users or root without the
'CAP_SYS_ADMIN' capability (in the user namespace owning the network
namespace) from joining the group. Set this field for the "events"
group. Use 'CAP_SYS_ADMIN' rather than 'CAP_NET_ADMIN' because of the
nature of the information that is shared over this group.

Note that the capability check in this case will always be performed
against the initial user namespace since the family is not netns aware
and only operates in the initial network namespace.

A new field is added to the structure rather than using the "flags"
field because the existing field uses uAPI flags and it is inappropriate
to add a new uAPI flag for an internal kernel check. In net-next we can
rework the "flags" field to use internal flags and fold the new field
into it. But for now, in order to reduce the amount of changes, add a
new field.

Since the information can only be consumed by root, mark the control
plane operations that start and stop the tracing as root-only using the
'GENL_ADMIN_PERM' flag.

Tested using [1].

Before:

 # capsh -- -c ./dm_repo
 # capsh --drop=cap_sys_admin -- -c ./dm_repo

After:

 # capsh -- -c ./dm_repo
 # capsh --drop=cap_sys_admin -- -c ./dm_repo
 Failed to join "events" multicast group

[1]
 $ cat dm.c
 #include <stdio.h>
 #include <netlink/genl/ctrl.h>
 #include <netlink/genl/genl.h>
 #include <netlink/socket.h>

 int main(int argc, char **argv)
 {
 	struct nl_sock *sk;
 	int grp, err;

 	sk = nl_socket_alloc();
 	if (!sk) {
 		fprintf(stderr, "Failed to allocate socket\n");
 		return -1;
 	}

 	err = genl_connect(sk);
 	if (err) {
 		fprintf(stderr, "Failed to connect socket\n");
 		return err;
 	}

 	grp = genl_ctrl_resolve_grp(sk, "NET_DM", "events");
 	if (grp < 0) {
 		fprintf(stderr,
 			"Failed to resolve \"events\" multicast group\n");
 		return grp;
 	}

 	err = nl_socket_add_memberships(sk, grp, NFNLGRP_NONE);
 	if (err) {
 		fprintf(stderr, "Failed to join \"events\" multicast group\n");
 		return err;
 	}

 	return 0;
 }
 $ gcc -I/usr/include/libnl3 -lnl-3 -lnl-genl-3 -o dm_repo dm.c

Fixes: 9a8afc8d39 ("Network Drop Monitor: Adding drop monitor implementation & Netlink protocol")
Reported-by: "The UK's National Cyber Security Centre (NCSC)" <security@ncsc.gov.uk>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://lore.kernel.org/r/20231206213102.1824398-3-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-12-13 16:46:18 +01:00
9p 9p: Implement show_options 2017-07-11 06:08:58 -04:00
bluetooth Bluetooth: hci_core: Fix build warnings 2023-10-25 11:13:32 +02:00
caif net: caif: add proper error handling 2021-06-10 12:43:51 +02:00
iucv License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netfilter netfilter: nf_tables: report use refcount overflow 2023-08-16 18:10:54 +02:00
netns xfrm: fix a data-race in xfrm_gen_index() 2023-10-25 11:13:31 +02:00
nfc NFC: add NCI_UNREG flag to eliminate the race 2021-12-08 08:46:52 +01:00
phonet phonet: fix building with clang 2019-03-23 14:35:16 +01:00
sctp sctp: use call_rcu to free endpoint 2022-01-05 12:33:49 +01:00
tc_act net/sched: don't dereference a->goto_chain to read the chain index 2019-05-04 09:15:20 +02:00
6lowpan.h
act_api.h net sched: fix reporting the first-time use timestamp 2020-06-03 08:17:33 +02:00
addrconf.h ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-08-21 09:48:00 +02:00
af_ieee802154.h
af_rxrpc.h rxrpc: Allow failed client calls to be retried 2017-08-29 10:55:20 +01:00
af_unix.h net: split out functions related to registering inflight socket files 2021-08-04 12:22:14 +02:00
af_vsock.h VSOCK: use TCP state constants for sk_state 2019-08-04 09:31:59 +02:00
ah.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
arp.h ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled 2019-06-11 12:21:51 +02:00
atmclip.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ax25.h ax25: fix reference count leaks of ax25_dev 2022-04-27 13:15:32 +02:00
ax88796.h
bond_3ad.h bonding: fix data-races around agg_select_timer 2022-02-23 11:57:34 +01:00
bond_alb.h
bond_options.h bonding: Prevent duplicate userspace notification 2017-05-27 18:51:41 -04:00
bonding.h bonding: wait for sysfs kobject destruction before freeing struct slave 2020-12-08 10:17:33 +01:00
busy_poll.h net: Fix a data-race around sysctl_net_busy_poll. 2022-09-05 10:25:04 +02:00
calipso.h net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
cfg80211-wext.h
cfg80211.h mac80211: properly handle A-MSDUs that start with an RFC 1042 header 2021-06-03 08:36:13 +02:00
cfg802154.h
checksum.h openvswitch: Fix setting ipv6 fields causing hw csum failure 2022-03-02 11:33:55 +01:00
cipso_ipv4.h net, ipv4: convert cipso_v4_doi.refcount from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
datalink.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dcbevent.h
dcbnl.h
devlink.h devlink: Add IPv6 header for dpipe 2017-08-31 14:42:19 -07:00
dsa.h net: dsa: Allow switch drivers to indicate number of TX queues 2017-09-05 11:53:34 -07:00
dsfield.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dst.h net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb 2020-07-22 09:22:20 +02:00
dst_cache.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dst_metadata.h net: fix a memleak when uncloning an skb dst and its metadata 2022-02-16 12:44:51 +01:00
dst_ops.h net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 14:00:14 +01:00
erspan.h gre: introduce native tunnel support for ERSPAN 2017-08-22 14:29:30 -07:00
esp.h esp: limit skb_page_frag_refill use to a single page 2022-07-12 16:27:27 +02:00
ethoc.h
fib_notifier.h net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib_rules.h fib: add missing attribute validation for tun_id 2020-03-20 10:54:10 +01:00
firewire.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
flow.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
flow_dissector.h net: sched: correct flower port blocking 2020-03-11 18:02:48 +01:00
fou.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fq.h net/flow_dissector: switch to siphash 2019-11-10 11:25:37 +01:00
fq_impl.h net/flow_dissector: switch to siphash 2019-11-10 11:25:37 +01:00
garp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gen_stats.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
genetlink.h drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group 2023-12-13 16:46:18 +01:00
geneve.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gre.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gro_cells.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gtp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gue.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hwbm.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
icmp.h net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-03 18:22:57 +01:00
ieee80211_radiotap.h
ieee802154_netdev.h net: ieee802154: return -EINVAL for unknown addr type 2022-10-26 13:17:13 +02:00
if_inet6.h net, ipv6: convert ifacaddr6.aca_refcnt from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00
ife.h net: sched: ife: handle malformed tlv length 2018-04-29 11:33:13 +02:00
ila.h
inet6_connection_sock.h
inet6_hashtables.h net: ipv6: add second dif to inet6 socket lookups 2017-08-07 11:39:22 -07:00
inet_common.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
inet_connection_sock.h net: refactor bind_bucket fastreuse into helper 2020-08-21 09:48:14 +02:00
inet_ecn.h vlan: consolidate VLAN parsing code and limit max parsing depth 2020-12-11 13:39:03 +01:00
inet_frag.h net: IP defrag: encapsulate rbtree defrag code into callable functions 2019-04-27 09:35:40 +02:00
inet_hashtables.h secure_seq: use the 64 bits of the siphash for port offset calculation 2022-06-06 08:20:56 +02:00
inet_sock.h tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. 2022-07-29 17:06:49 +02:00
inet_timewait_sock.h soreuseport: initialise timewait reuseport field 2018-05-16 10:10:24 +02:00
inetpeer.h net: ipv4: use a dedicated counter for icmp_v4 redirect packets 2019-02-23 09:06:42 +01:00
ip.h ip: Fix a data-race around sysctl_fwmark_reflect. 2022-07-29 17:06:49 +02:00
ip6_checksum.h
ip6_fib.h ipv6: fix the check before getting the cookie in rt6_get_cookie 2019-06-11 12:21:47 +02:00
ip6_route.h net: ipv6: fix return value of ip6_skb_dst_mtu 2021-07-28 11:12:15 +02:00
ip6_tunnel.h ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL 2019-07-21 09:04:28 +02:00
ip_fib.h net: ipv4: Fix memory leak in network namespace dismantle 2019-01-31 08:13:42 +01:00
ip_tunnels.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip_vs.h ipvs: allow connection reuse for unconfirmed conntrack 2020-08-21 09:48:08 +02:00
ipcomp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ipconfig.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ipv6.h tcp: Reduce chance of collisions in inet6_hashfn(). 2023-08-11 11:33:50 +02:00
ipv6_frag.h ip6: fix skb leak in ip6frag_expire_frag_queue() 2019-09-16 08:20:44 +02:00
ipx.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iw_handler.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
kcm.h
l3mdev.h ipvlan, l3mdev: fix broken l3s mode wrt local routes 2019-02-06 17:31:33 +01:00
lapb.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
lib80211.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
llc.h llc: fix out-of-bound array index in llc_sk_dev_hash() 2021-11-26 11:40:36 +01:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h llc: Make llc_conn_ev_qfyr_t function pointer arrays const 2014-12-10 15:21:24 -05:00
llc_conn.h llc: fix sk_buff leak in llc_conn_service() 2019-11-06 12:43:36 +01:00
llc_if.h
llc_pdu.h net: llc: fix skb_over_panic 2021-08-04 12:22:17 +02:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h lwt: Check LWTUNNEL_XMIT_CONTINUE strictly 2023-09-23 10:46:55 +02:00
mac80211.h mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 2018-05-30 07:51:58 +02:00
mac802154.h
mip6.h
mld.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpls.h
mpls_iptunnel.h
mrp.h mrp: introduce active flags to prevent UAF when applicant uninit 2023-01-18 09:26:32 +01:00
ncsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ndisc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
neighbour.h neighbour: delete neigh_lookup_nodev as not used 2023-06-21 15:38:59 +02:00
net_namespace.h netns: provide pure entropy for net_hash_mix() 2019-04-17 08:37:50 +02:00
net_ratelimit.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netevent.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netlabel.h net: convert netlbl_lsm_cache.refcount from atomic_t to refcount_t 2017-07-01 07:39:09 -07:00
netlink.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netprio_cgroup.h
netrom.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nexthop.h net: fix rtnh_ok() 2018-05-16 10:10:23 +02:00
nl802154.h net: ieee802154: handle iftypes as u32 2021-12-08 08:46:48 +01:00
nsh.h net: add NSH header structures and helpers 2017-08-29 15:16:52 -07:00
p8022.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ping.h
pkt_cls.h net_sched: introduce tcf_exts_get_net() and tcf_exts_put_net() 2017-11-09 10:03:09 +09:00
pkt_sched.h net/sched: make psched_mtu() RTNL-less safe 2023-08-11 11:33:44 +02:00
pptp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
protocol.h tcp/udp: Make early_demux back namespacified. 2022-11-10 15:47:22 +01:00
psample.h psample: Add a fwd declaration for skbuff 2021-08-26 08:37:02 -04:00
psnap.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
raw.h net: ipv4: add second dif to raw socket lookups 2017-08-07 11:39:21 -07:00
rawv6.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
red.h sch_red: fix off-by-one checks in red_check_params() 2021-04-16 11:57:49 +02:00
regulatory.h regulatory: add NUL to request alpha2 2018-05-30 07:52:01 +02:00
request_sock.h net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head 2020-01-27 14:46:50 +01:00
rose.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
route.h ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu 2018-05-30 07:52:14 +02:00
rtnetlink.h can: dev: Move device back to init netns on owning netns delete 2021-03-30 14:40:12 +02:00
sch_generic.h net_sched: restore "mpu xxx" handling 2022-01-27 09:01:01 +01:00
scm.h scm: fix MSG_CTRUNC setting condition for SO_PASSSEC 2023-05-17 11:11:41 +02:00
secure_seq.h secure_seq: use the 64 bits of the siphash for port offset calculation 2022-06-06 08:20:56 +02:00
seg6.h ipv6: sr: add support for ip4ip6 encapsulation 2017-08-25 17:10:23 -07:00
seg6_hmac.h
slhc_vj.h slip: Check if rstate is initialized before uncompressing 2018-04-19 08:56:16 +02:00
smc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
snmp.h
sock.h net: annotate data-races around sk->sk_dst_pending_confirm 2023-11-28 16:45:43 +00:00
sock_reuseport.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Space.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
strparser.h strparser: Use delayed work instead of timer for msg timeout 2017-10-25 10:37:11 +09:00
switchdev.h net: switchdev: Remove bridge bypass support from switchdev 2017-08-07 14:48:48 -07:00
tcp.h tcp: annotate data-races around tp->notsent_lowat 2023-08-11 11:33:49 +02:00
tcp_states.h
timewait_sock.h
tls.h tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used. 2018-12-05 19:41:10 +01:00
transp_v6.h udp: fix rx queue len reported by diag and proc interface 2018-06-26 08:06:28 +08:00
tso.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tun_proto.h vxlan: factor out VXLAN-GPE next protocol 2017-08-29 15:16:52 -07:00
udp.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2023-04-26 11:18:57 +02:00
udp_tunnel.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udplite.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2023-04-26 11:18:57 +02:00
vsock_addr.h
vxlan.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wext.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wimax.h
x25.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
x25device.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm.h xfrm: policy: match with both mark and mask on user interfaces 2022-04-20 09:08:31 +02:00