Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/net
History
Devin Kim 85c85ee651 netlink: fix possible spoofing from non-root processes 
Non-root user-space processes can send Netlink messages to other
processes that are well-known for being subscribed to Netlink
asynchronous notifications. This allows ilegitimate non-root
process to send forged messages to Netlink subscribers.

The userspace process usually verifies the legitimate origin in
two ways:

a) Socket credentials. If UID != 0, then the message comes from
   some ilegitimate process and the message needs to be dropped.

b) Netlink portID. In general, portID == 0 means that the origin
   of the messages comes from the kernel. Thus, discarding any
   message not coming from the kernel.

However, ctnetlink sets the portID in event messages that has
been triggered by some user-space process, eg. conntrack utility.
So other processes subscribed to ctnetlink events, eg. conntrackd,
know that the event was triggered by some user-space action.

Neither of the two ways to discard ilegitimate messages coming
from non-root processes can help for ctnetlink.

This patch adds capability validation in case that dst_pid is set
in netlink_sendmsg(). This approach is aggressive since existing
applications using any Netlink bus to deliver messages between
two user-space processes will break. Note that the exception is
NETLINK_USERSOCK, since it is reserved for netlink-to-netlink
userspace communication.

Still, if anyone wants that his Netlink bus allows netlink-to-netlink
userspace, then they can set NL_NONROOT_SEND. However, by default,
I don't think it makes sense to allow to use NETLINK_ROUTE to
communicate two processes that are sending no matter what information
that is not related to link/neighbouring/routing. They should be using
NETLINK_USERSOCK instead for that.

Change-Id: Ib1c38cb798391b51dedddf62a862346d36119ec7
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-04 12:46:01 -08:00
..
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: Block SCO disconnect operation on BT_CLOSED state. 2013-02-27 18:20:11 -08:00
bridge
caif
can
ceph
core
dcb
dccp
decnet
dns_resolver
dsa
econet
ethernet
ieee802154
ipv4 net: Fix compile warning in tcp.c 2013-02-25 11:37:03 -08:00
ipv6
ipx
irda
iucv
key
l2tp
lapb
llc
mac80211
netfilter
netlabel
netlink netlink: fix possible spoofing from non-root processes 2013-03-04 12:46:01 -08:00
netrom
nfc
openvswitch
packet
phonet
rds
rfkill
rose
rxrpc
sched net: sched: Schedule PRIO qdisc when flow control released 2013-02-27 18:18:56 -08:00
sctp
sunrpc
tipc
unix af_netlink: force credentials passing [CVE-2012-3520] 2013-03-04 12:46:00 -08:00
wanrouter
wimax
wireless net/wireless: Check for number of sub bands 2013-02-25 11:37:00 -08:00
x25
xfrm
activity_stats.c
compat.c
Kconfig
Makefile
nonet.c
socket.c
sysctl_net.c