net: allow SO_MARK with CAP_NET_RAW

Message ID 20211123203715.193413-1-zenczykowski@gmail.com (mailing list archive)
State Accepted
Commit 079925cce1d06fe6614b1559b0020497b5b83d6a
Delegated to: Netdev Maintainers

Checks

Context                         Check    Description
netdev/fixes_present            success  Fixes tag not required for -next series
netdev/subject_prefix           warning  Target tree name not specified in the subject
netdev/cover_letter             success  Single patches do not need cover letters
netdev/patch_count              success  Link
netdev/header_inline            success  No static functions without inline keyword in header files
netdev/build_32bit              success  Errors and warnings before: 6 this patch: 6
netdev/cc_maintainers           fail     3 maintainers not CCed: edumazet@google.com kuba@kernel.org davem@davemloft.net
netdev/build_clang              success  Errors and warnings before: 22 this patch: 22
netdev/module_param             success  Was 0 now: 0
netdev/verify_signedoff         success  Signed-off-by tag matches author and committer
netdev/verify_fixes             success  No Fixes tag
netdev/build_allmodconfig_warn  success  Errors and warnings before: 10 this patch: 10
netdev/checkpatch               success  total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/kdoc                     success  Errors and warnings before: 0 this patch: 0
netdev/source_inline            success  Was 0 now: 0
netdev/tree_selection           success  Guessing tree name failed - patch did not apply

Commit Message

Maciej Żenczykowski Nov. 23, 2021, 8:37 p.m. UTC
From: Maciej Żenczykowski <maze@google.com>

A CAP_NET_RAW capable process can already spoof (on transmit) anything
it desires via raw packet sockets...  There is no good reason to not
allow it to also be able to play routing tricks on packets from its
own normal sockets.

There is a desire to be able to use SO_MARK for routing table selection
(via ip rule fwmark) from within a user process without having to run
it as root.  Granting it CAP_NET_RAW is much less dangerous than
CAP_NET_ADMIN (CAP_NET_RAW doesn't permit persistent state change,
while CAP_NET_ADMIN does - by for example allowing the reconfiguration
of the routing tables and/or bringing up/down devices).

Let's keep CAP_NET_ADMIN for persistent state changes,
while using CAP_NET_RAW for non-configuration related stuff.

Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 net/core/sock.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org Nov. 25, 2021, 3:10 a.m. UTC | #1
Hello:

This patch was applied to netdev/net-next.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 23 Nov 2021 12:37:15 -0800 you wrote:
> From: Maciej Żenczykowski <maze@google.com>
> 
> A CAP_NET_RAW capable process can already spoof (on transmit) anything
> it desires via raw packet sockets...  There is no good reason to not
> allow it to also be able to play routing tricks on packets from its
> own normal sockets.
> 
> [...]

Here is the summary with links:
  - net: allow SO_MARK with CAP_NET_RAW
    https://git.kernel.org/netdev/net-next/c/079925cce1d0

You are awesome, thank you!

Patch

diff --git a/net/core/sock.c b/net/core/sock.c
index 1e49a127adef..4a499d255f40 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1281,7 +1281,8 @@  int sock_setsockopt(struct socket *sock, int level, int optname,
 			clear_bit(SOCK_PASSSEC, &sock->flags);
 		break;
 	case SO_MARK:
-		if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
+		if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
+		    !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
 			ret = -EPERM;
 			break;
 		}
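
Review bot: In the SO_MARK case the CAP_NET_RAW test comes first, so a caller that holds only CAP_NET_ADMIN (every caller that worked before this change) now fails one ns_capable() call before passing the second. ns_capable() is the audited form of the check, so under an LSM such as SELinux that failed first test can be logged as a capability denial even though the setsockopt() succeeds. Consider testing CAP_NET_ADMIN first, so existing callers take the same path as before and only CAP_NET_RAW-only callers reach the second test. The diffstat shows this is the only site changed, so it is worth confirming whether any other place in net/core/sock.c that sets the mark should accept CAP_NET_RAW as well. A short comment here stating why CAP_NET_RAW is sufficient would also help, since the user-visible privilege requirement for SO_MARK changes.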