Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Balazs Scheidler

Subject: Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled

Date: Saturday, October 23, 2010 - 7:48 am

On Fri, 2010-10-22 at 06:24 +0900, YOSHIFUJI Hideaki wrote:
quoted text> Hello.
> 
> 2010-10-20, Balazs Scheidler wrote:
> > On Wed, 2010-10-20 at 21:45 +0900, YOSHIFUJI Hideaki wrote:
> > > (2010/10/20 20:21), KOVACS Krisztian wrote:
> > > > From: Balazs Scheidler<bazsi@balabit.hu>
> > > > 
> > > > Signed-off-by: Balazs Scheidler<bazsi@balabit.hu>
> > > > Signed-off-by: KOVACS Krisztian<hidden@balabit.hu>
> > > > ---
> > > >   net/ipv6/af_inet6.c |    2 +-
> > > >   1 files changed, 1 insertions(+), 1 deletions(-)
> > > > 
> > > > diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
> > > > index 6022098..9480572 100644
> > > > --- a/net/ipv6/af_inet6.c
> > > > +++ b/net/ipv6/af_inet6.c
> > > > @@ -343,7 +343,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
> > > >   			 */
> > > >   			v4addr = LOOPBACK4_IPV6;
> > > >   			if (!(addr_type&  IPV6_ADDR_MULTICAST))	{
> > > > -				if (!ipv6_chk_addr(net,&addr->sin6_addr,
> > > > +				if (!inet->transparent&&  !ipv6_chk_addr(net,&addr->sin6_addr,
> > > >   						   dev, 0)) {
> > > >   					err = -EADDRNOTAVAIL;
> > > >   					goto out_unlock;
> > > > 
> > > > 
> > > 
> > > As I wrote before in other thread, this does not seem sufficient --
> > > well, it is sufficient to allow non-local bind, but before we're
> > > allowing this, we need add checks of source address in sending side.
> > 
> > Can you please elaborate or point us to the other thread? Is it some
> > kind of address-type check that we miss?
> 
> Please see my comment at:
> <http://kerneltrap.org/mailarchive/linux-netdev/2010/7/5/6280572>
> 
> This will result in allowing non-privileged users easily sending from
> non-local / unauthorized address, which is not good, and which should
> not be allowed from security aspects.

IP_TRANSPARENT requires root (more precisely CAP_NET_ADMIN privielges)
for IPV6.

However as I see right now this check was missed from the IPv6
implementation.

Is that enough as a safeguard? e.g. something like this:

diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 0553867..f683d2c 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -343,6 +343,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
                break;
 
        case IPV6_TRANSPARENT:
+                if (!capable(CAP_NET_ADMIN)) {
+                        retv = -EPERM;
+                        break;
+                }
                if (optlen < sizeof(int))
                        goto e_inval;
                /* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */



-- 
Bazsi


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 2/9] tproxy: added const specifiers to udp lookup f ..., KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 4/9] tproxy: added tproxy sockopt interface in the ..., KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 5/9] tproxy: allow non-local binds of IPv6 sockets ..., KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 9/9] tproxy: use the interface primary IP address a ..., KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 8/9] tproxy: added IPv6 support to the socket match, KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 7/9] tproxy: added IPv6 support to the TPROXY target, KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 1/9] tproxy: split off ipv6 defragmentation to a se ..., KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 6/9] tproxy: added IPv6 socket lookup function to n ..., KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 3/9] tproxy: added udp6_lib_lookup function, KOVACS Krisztian, (Wed Oct 20, 4:21 am)

[PATCH 0/9] tproxy: add IPv6 support, KOVACS Krisztian, (Wed Oct 20, 4:21 am)

Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sock ..., YOSHIFUJI Hideaki, (Wed Oct 20, 5:45 am)

Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sock ..., Balazs Scheidler, (Wed Oct 20, 7:07 am)

Re: [PATCH 4/9] tproxy: added tproxy sockopt interface in ..., Jan Engelhardt, (Thu Oct 21, 1:39 am)

Re: [PATCH 6/9] tproxy: added IPv6 socket lookup function ..., Jan Engelhardt, (Thu Oct 21, 1:42 am)

Re: [PATCH 4/9] tproxy: added tproxy sockopt interface in ..., KOVACS Krisztian, (Thu Oct 21, 1:46 am)

Re: [PATCH 7/9] tproxy: added IPv6 support to the TPROXY t ..., Jan Engelhardt, (Thu Oct 21, 1:47 am)

Re: [PATCH 7/9] tproxy: added IPv6 support to the TPROXY t ..., KOVACS Krisztian, (Thu Oct 21, 1:50 am)

Re: [PATCH 9/9] tproxy: use the interface primary IP addre ..., Jan Engelhardt, (Thu Oct 21, 2:12 am)

Re: [PATCH 7/9] tproxy: added IPv6 support to the TPROXY t ..., Jan Engelhardt, (Thu Oct 21, 2:14 am)

Re: [PATCH 7/9] tproxy: added IPv6 support to the TPROXY t ..., KOVACS Krisztian, (Thu Oct 21, 2:33 am)

Re: [PATCH 6/9] tproxy: added IPv6 socket lookup function ..., KOVACS Krisztian, (Thu Oct 21, 2:48 am)

Re: [PATCH 9/9] tproxy: use the interface primary IP addre ..., KOVACS Krisztian, (Thu Oct 21, 3:32 am)

Re: [PATCH 4/9] tproxy: added tproxy sockopt interface in ..., YOSHIFUJI Hideaki, (Thu Oct 21, 2:09 pm)

Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sock ..., YOSHIFUJI Hideaki, (Thu Oct 21, 2:24 pm)

Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sock ..., Balazs Scheidler, (Sat Oct 23, 7:48 am)

Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sock ..., YOSHIFUJI Hideaki, (Sat Oct 23, 10:03 pm)

Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sock ..., David Miller, (Sun Oct 24, 4:08 pm)


linux-kernel:
Grant Grundler	Re: [patch] e1000=y && e1000e=m regression fix (was: Re: [regression] e100...
Jörn	Re: [00/41] Large Blocksize Support V7 (adds memmap support)
Christoph Lameter	Re: [bug] SLUB + mm/slab.c boot crash in -rc9
Jeremy Fitzhardinge	Re: [2.6.25] compat VDSO option not disabling
Rafael J. Wysocki	[Bug #11551] Semi-repeatable hard lockup on 2.6.27-rc6
git:
Pat Thoyts	[PATCH] git-gui: use themed tk widgets with Tk 8.5
Stephan Beyer	Re: git sequencer prototype
Frans Pop	'git gc --aggressive' effectively unusable
Lynn Lin	Re: clearcase migration to git
Johannes Schindelin	Re: [PATCH 2/3] unpack-trees: fix path search bug in verify_absent
linux-netdev:
William Allen Simpson	[net-next-2.6 PATCH v8 0/7] TCPCT part 1: cookie option exchange
David Woodhouse	Re: [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
David Miller	Re: [PATCH 2/2] macb: process the RX ring regardless of interrupt status
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
openbsd-misc:
nixlists	Re: Which laptops do the developers use?
L. V. Lammert	OT, .. but has anyone seen a crontab editor
Nick Holland	Re: Upgrade 4.1->4.2->4.3
Darrin Chandler	Re: That whole "Linux stealing our code" thing
Siju George	Re: Blocking Teamviewer
git-commits-head:
Linux Kernel Mailing List	sparc64: Fix sun4u execute bit check in TSB I-TLB load.
Linux Kernel Mailing List	init: Open /dev/console from rootfs
Linux Kernel Mailing List	x86 boot: only pick up additional EFI memmap if add_efi_memmap flag
Linux Kernel Mailing List	Remove empty comment in acpi/power.c
Linux Kernel Mailing List	udp: fix for unicast RX path optimization