Thread (55 messages) 55 messages, 5 authors, 2021-11-05

Re: [PATCH v2 09/25] tcp: authopt: Disable via sysctl by default

From: Dmitry Safonov <hidden>
Date: 2021-11-05 01:46:18
Also in: linux-crypto, linux-kselftest, lkml

On 11/1/21 16:34, Leonard Crestez wrote:
This is mainly intended to protect against local privilege escalations
through a rarely used feature so it is deliberately not namespaced.

Enforcement is only at the setsockopt level, this should be enough to
ensure that the tcp_authopt_needed static key never turns on.

No effort is made to handle disabling when the feature is already in
use.

Signed-off-by: Leonard Crestez <redacted>
---
[..]
quoted hunk ↗ jump to hunk
diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c
index 5e80e5e5e36e..7c49dcce7d24 100644
--- a/net/ipv4/tcp_authopt.c
+++ b/net/ipv4/tcp_authopt.c
@@ -3,10 +3,15 @@
 #include <linux/kernel.h>
 #include <net/tcp.h>
 #include <net/tcp_authopt.h>
 #include <crypto/hash.h>
 
+/* This is mainly intended to protect against local privilege escalations through
+ * a rarely used feature so it is deliberately not namespaced.
+ */
+int sysctl_tcp_authopt;
Could you add pr_warn_once() for setsockopt() without this set, so that
it's visible in dmesg for a user that gets -EPERM.

Thanks,
          Dmitry
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help