Re: [PATCH v2 09/25] tcp: authopt: Disable via sysctl by default
From: Dmitry Safonov <hidden>
Date: 2021-11-05 01:46:18
Also in:
linux-crypto, linux-kselftest, lkml
From: Dmitry Safonov <hidden>
Date: 2021-11-05 01:46:18
Also in:
linux-crypto, linux-kselftest, lkml
On 11/1/21 16:34, Leonard Crestez wrote:
This is mainly intended to protect against local privilege escalations through a rarely used feature so it is deliberately not namespaced. Enforcement is only at the setsockopt level, this should be enough to ensure that the tcp_authopt_needed static key never turns on. No effort is made to handle disabling when the feature is already in use. Signed-off-by: Leonard Crestez <redacted> ---
[..]
diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index 5e80e5e5e36e..7c49dcce7d24 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c@@ -3,10 +3,15 @@ #include <linux/kernel.h> #include <net/tcp.h> #include <net/tcp_authopt.h> #include <crypto/hash.h> +/* This is mainly intended to protect against local privilege escalations through + * a rarely used feature so it is deliberately not namespaced. + */ +int sysctl_tcp_authopt;
Could you add pr_warn_once() for setsockopt() without this set, so that
it's visible in dmesg for a user that gets -EPERM.
Thanks,
Dmitry