Re: Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check")
From: stsp <hidden>
Date: 2025-01-27 15:06:25
Also in:
linux-security-module, selinux
27.01.2025 17:50, Willem de Bruijn wrote:
Thanks for the report Ondrej.
Agreed that we need to reinstate this. I suggest this explicit
extra branch after the more likely cases:
@@ -585,6 +585,9 @@ static inline bool tun_capable(struct tun_struct *tun)
return 1;
if (gid_valid(tun->group) && in_egroup_p(tun->group))
return 1;
+ if (!uid_valid(tun->owner) && !gid_valid(tun->group))
+ return 1;
+
return 0;
}
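Review bot: the added `!uid_valid(tun->owner) && !gid_valid(tun->group)` branch returns success for every caller whenever neither owner nor group is set, and nothing in the function says that this open default is intentional. A one-line comment above the branch stating that an unset owner and group means no restriction would keep a later cleanup from dropping the case again. As a style point, tun_capable() is declared `bool`, so the returns in this hunk would read better as `true`/`false` than `1`/`0`.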
The intent clearly has always been to allow access if owner and group
are not explicitly set.

Perfectly fine with me. I'd raise the question about the security implications, but definitely not within this regression subject.