[NET]: Require CAP_NET_ADMIN to create tuntap devices.

The tuntap driver allows an admin to create persistent devices and
assign ownership of them to individual users. Unfortunately, relaxing
the permissions on the /dev/net/tun device node so that they can
actually use those devices will _also_ allow those users to create
arbitrary new devices of their own. This patch corrects that, and
adjusts the recommended permissions for the device node accordingly.

Signed-off-By: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Documentation/networking/tuntap.txt

@@ -39,10 +39,13 @@ Copyright (C) 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com>
      mknod /dev/net/tun c 10 200
   
   Set permissions:
-     e.g. chmod 0700 /dev/net/tun
+     e.g. chmod 0666 /dev/net/tun
-     if you want the device only accessible by root. Giving regular users the
+     There's no harm in allowing the device to be accessible by non-root users,
-     right to assign network devices is NOT a good idea. Users could assign
+     since CAP_NET_ADMIN is required for creating network devices or for 
-     bogus network interfaces to trick firewalls or administrators.
+     connecting to network devices which aren't owned by the user in question.
+     If you want to create persistent devices and give ownership of them to 
+     unprivileged users, then you need the /dev/net/tun device to be usable by
+     those users.
 
   Driver module autoloading
 

drivers/net/tun.c

@@ -490,6 +490,9 @@ static int tun_set_iff(struct file *file, struct ifreq *ifr)
 
 		err = -EINVAL;
 
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		/* Set dev type */
 		if (ifr->ifr_flags & IFF_TUN) {
 			/* TUN device */