Hi Jinmeng, > Hi, our tool finds several missing check bugs on > Linux kernel v4.18.5 using static analysis. > We are looking forward to having more experts' eyes on this. Thank you! > > Before calling sk_alloc() with SOCK_RAW type, > there should be a permission check, ns_capable(ns,CAP_NET_RAW). > For example, says who? The appropriate checks are actually present, just not at sock_create. Some are at sock_bind. Regards Marcel
