[Trusty] [CVE-2014-0181] [PATCH 1/6] net: Fix permission check in, netlink_connect()
Maarten Lankhorst
maarten.lankhorst at canonical.com
Thu Jul 3 12:54:09 UTC 2014
BugLink: https://launchpad.net/bugs/1312989
netlink_sendmsg() was changed to prevent non-root processes from sending
messages with dst_pid != 0.
netlink_connect() however still only checks if nladdr->nl_groups is set.
This patch modifies netlink_connect() to check for the same condition.
Signed-off-by: Mike Pecovnik <mike.pecovnik at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 46833a86f7ab30101096d81117dd250bfae74c6f)
Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>
---
net/netlink/af_netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index bca50b9..2f90520 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1481,8 +1481,8 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
if (addr->sa_family != AF_NETLINK)
return -EINVAL;
- /* Only superuser is allowed to send multicasts */
- if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
+ if ((nladdr->nl_groups || nladdr->nl_pid) &&
+ !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
return -EPERM;
if (!nlk->portid)
--
2.0.0
More information about the kernel-team
mailing list