NetBSD Problem Report #40603
From bad@bsd.de Tue Feb 10 22:49:34 2009
Return-Path: <bad@bsd.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 3F0E763C0C0
for <gnats-bugs@gnats.NetBSD.org>; Tue, 10 Feb 2009 22:49:34 +0000 (UTC)
Message-Id: <20090210224630.49F432BC98@irregular-apocalypse.k.bsd.de>
Date: Tue, 10 Feb 2009 23:46:30 +0100 (CET)
From: bad@bsd.de
Reply-To: bad@bsd.de
To: gnats-bugs@gnats.NetBSD.org
Subject: anyone can add/delete link addresses on interfaces
X-Send-Pr-Version: 3.95
>Number: 40603
>Category: kern
>Synopsis: unprivileged users can add and delete interface link addresses
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Feb 10 22:50:00 +0000 2009
>Closed-Date: Wed Mar 25 03:02:09 +0000 2009
>Last-Modified: Wed Mar 25 03:02:09 +0000 2009
>Originator: Christoph Badura
>Release: NetBSD 5.99.4
>Organization:
>Environment:
System: NetBSD not-invented-here 5.99.4 NetBSD 5.99.4 (gaol_domu) #13: Tue Feb 10 22:56:40 CET 2009 bad@not-invented-here:/home/bad/gaol_domu i386
Architecture: i386
Machine: i386
>Description:
Unprivileged users can add and delete interface link addresses.
net/link_proto.c:link_control() doesn't check for privileges for
the SIOCALIFADDR and SIOCDLIFADDR ioctl commands.
>How-To-Repeat:
int=xennet0
ifconfig $int link aa:00:23:17:42:ec
ifconfig $int | grep link
ifconfig $int link aa:00:23:17:42:ec -alias
ifconfig $int | grep link
>Fix:
Add the following code in link_control() after
    case SIOCDLIFADDR:
        if (l == NULL)
            return (EPERM);
        if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
            KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
            NULL) != 0)
            return (EPERM);
        /*FALLTHROUGH*/
Or centralize the check in net/if.c:ifioctl().
The same check is done in netinet/in.c:in_control().
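For illustration (added here; not NetBSD kernel code and not part of the PR): a toy C model of the second suggestion, the SETPRIV check centralised in an ifioctl()-style dispatcher so that a handler modelled on link_control(), which performs no check of its own, is still covered. kauth_authorize_network() is replaced by a stub, and the command numbers and the cred/ifnet structs are constructed.

```c
/* Added illustration (not NetBSD kernel code): a toy ioctl dispatcher with
 * the privilege check centralised, as the PR's second suggestion proposes. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed command numbers; only the names matter here. */
enum { SIOCALIFADDR = 1, SIOCDLIFADDR = 2, SIOCGLIFADDR = 3 };

/* Stand-in for a credential (l->l_cred in the kernel). */
struct cred { bool privileged; };

/* Toy interface state touched by the link-address handlers. */
struct ifnet { int naddrs; };

/* Stub for kauth_authorize_network(..., KAUTH_REQ_NETWORK_INTERFACE_SETPRIV,
 * ...): 0 when allowed, EPERM otherwise. A missing credential is refused,
 * matching the "if (l == NULL) return (EPERM);" in the PR's first fix. */
static int authorize_setpriv(const struct cred *cr)
{
    return (cr != NULL && cr->privileged) ? 0 : EPERM;
}

/* Models link_control(): it performs NO privilege check (the bug in the PR). */
static int link_control(struct ifnet *ifp, unsigned long cmd)
{
    switch (cmd) {
    case SIOCALIFADDR: ifp->naddrs++; return 0;
    case SIOCDLIFADDR: if (ifp->naddrs > 0) ifp->naddrs--; return 0;
    case SIOCGLIFADDR: return 0;           /* read-only, unprivileged */
    default:           return EOPNOTSUPP;
    }
}

/* Commands that modify interface state and therefore need SETPRIV. */
static bool cmd_is_privileged(unsigned long cmd)
{
    return cmd == SIOCALIFADDR || cmd == SIOCDLIFADDR;
}

/* Models ifioctl() with the check centralised: every handler dispatched
 * below it is covered whether or not it checks privileges itself. */
int ifioctl(const struct cred *cr, struct ifnet *ifp, unsigned long cmd)
{
    if (cmd_is_privileged(cmd)) {
        int error = authorize_setpriv(cr);
        if (error != 0)
            return error;                  /* EPERM before any handler runs */
    }
    return link_control(ifp, cmd);
}
```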
>Release-Note:
>Audit-Trail:
From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40603 CVS commit: src/sys
Date: Thu, 12 Feb 2009 19:05:36 +0000 (UTC)
Module Name: src
Committed By: christos
Date: Thu Feb 12 19:05:36 UTC 2009
Modified Files:
src/sys/net: if.c
src/sys/netinet: in.c
Log Message:
PR/40603: Christoph Badura: unprivileged users can add and delete interface
link addresses. Fixed by centralizing the test as suggested. Will pull up
to 5.0 once submitter tests the fix.
To generate a diff of this commit:
cvs rdiff -r1.232 -r1.233 src/sys/net/if.c
cvs rdiff -r1.130 -r1.131 src/sys/netinet/in.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Christoph Badura <bad@bsd.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: PR/40603 CVS commit: src/sys
Date: Thu, 12 Feb 2009 20:31:40 +0000
On Thu, Feb 12, 2009 at 07:10:06PM +0000, Christos Zoulas wrote:
> PR/40603: Christoph Badura: unprivileged users can add and delete interface
> link addresses. Fixed by centralizing the test as suggested. Will pull up
> to 5.0 once submitter tests the fix.
I have tested the fix and it works as expected for calls from userland.
--chb
From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40603 CVS commit: [netbsd-5] src/sys/net
Date: Tue, 24 Feb 2009 02:26:42 +0000 (UTC)
Module Name: src
Committed By: snj
Date: Tue Feb 24 02:26:42 UTC 2009
Modified Files:
src/sys/net [netbsd-5]: if.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #459):
sys/net/if.c: revision 1.233
PR/40603: Christoph Badura: unprivileged users can add and delete interface
link addresses. Fixed by centralizing the test as suggested. Will pull up
to 5.0 once submitter tests the fix.
To generate a diff of this commit:
cvs rdiff -r1.230 -r1.230.4.1 src/sys/net/if.c
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 25 Mar 2009 03:02:09 +0000
State-Changed-Why:
Fixed.
>Unformatted: