Possible mistake in commit 3ca459eaba1b ("tun: fix group permission check")
stsp
stsp2 at yandex.ru
Mon Jan 27 14:58:13 UTC 2025
27.01.2025 17:50, Willem de Bruijn wrote:
> Thanks for the report Ondrej.
>
> Agreed that we need to reinstate this. I suggest this explicit
> extra branch after the more likely cases:
>
> @@ -585,6 +585,9 @@ static inline bool tun_capable(struct tun_struct *tun)
> return 1;
> if (gid_valid(tun->group) && in_egroup_p(tun->group))
> return 1;
> + if (!uid_valid(tun->owner) && !gid_valid(tun->group))
> + return 1;
> +
> return 0;
> }
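Review bot: the added `!uid_valid(tun->owner) && !gid_valid(tun->group)` branch returns 1 for every caller when neither owner nor group is set, and nothing in the hunk marks that as deliberate. A short comment above the branch saying that an unset owner and group means the device is unrestricted would help keep this default-open case from being dropped again in a later cleanup. As a style point, tun_capable() is declared bool, so the new return could be `return true;`, although the surrounding context lines already use 1 and 0.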
>
> The intent clearly has always been to allow access if owner and group
> are not explicitly set.
Perfectly fine with me.
I'd raise the question about the security implications, but
definitely not within this regression subject.