tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

tun: fix group permission check

Currently tun checks the group permission even if the user have matched.
Besides going against the usual permission semantic, this has a
very interesting implication: if the tun group is not among the
supplementary groups of the tun user, then effectively no one can
access the tun device. CAP_SYS_ADMIN still can, but its the same as
not setting the tun ownership.

This patch relaxes the group checking so that either the user match
or the group match is enough. This avoids the situation when no one
can access the device even though the ownership is properly set.

Also I simplified the logic by removing the redundant inversions:
tun_not_capable() --> !tun_capable()

Signed-off-by: Stas Sergeev <stsp2@yandex.ru>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Link: https://patch.msgid.link/20241205073614.294773-1-stsp2@yandex.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Stas Sergeev and committed by
Jakub Kicinski 3ca459ea 81d89e6e

+9 -5
+9 -5
drivers/net/tun.c
··· 574 574 return ret; 575 575 } 576 576 577 - static inline bool tun_not_capable(struct tun_struct *tun) 577 + static inline bool tun_capable(struct tun_struct *tun) 578 578 { 579 579 const struct cred *cred = current_cred(); 580 580 struct net *net = dev_net(tun->dev); 581 581 582 - return ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) || 583 - (gid_valid(tun->group) && !in_egroup_p(tun->group))) && 584 - !ns_capable(net->user_ns, CAP_NET_ADMIN); 582 + if (ns_capable(net->user_ns, CAP_NET_ADMIN)) 583 + return 1; 584 + if (uid_valid(tun->owner) && uid_eq(cred->euid, tun->owner)) 585 + return 1; 586 + if (gid_valid(tun->group) && in_egroup_p(tun->group)) 587 + return 1; 588 + return 0; 585 589 } 586 590 587 591 static void tun_set_real_num_queues(struct tun_struct *tun) ··· 2782 2778 !!(tun->flags & IFF_MULTI_QUEUE)) 2783 2779 return -EINVAL; 2784 2780 2785 - if (tun_not_capable(tun)) 2781 + if (!tun_capable(tun)) 2786 2782 return -EPERM; 2787 2783 err = security_tun_dev_open(tun->security); 2788 2784 if (err < 0)