On 05/13/2016 11:52 AM, Christoph Lameter wrote:
> Sorry slight mistake in the original patch. V2 follows
>
>
>
> Subject: [PATCH] IB/core: Do not require CAP_NET_ADMIN for sniffing V2
>
> Having to enable CAP_NET_ADMIN for every app that uses sniffer mode is kind
> of risky. We do not want people to have the ability to mess around with the
> network configuration and routing. We just want the app to direct streams and
> deal with inbound data streams in various ways.
>
> So lets drop the requirement for CAP_NET_ADMIN and keep just CAP_NET_RAW.
>
> V1->V2
> - Check for CAP_NET_ADMIN was conditional on IB_FLOW_ATTR_SNIFFER. We need
> to remove this in the correct way.
> - Update description
>
>
> Signed-off-by: Christoph Lameter <cl@xxxxxxxxx>
>
> Index: linux/drivers/infiniband/core/uverbs_cmd.c
> ===================================================================
> --- linux.orig/drivers/infiniband/core/uverbs_cmd.c 2016-03-24 09:16:27.782778586 -0500
> +++ linux/drivers/infiniband/core/uverbs_cmd.c 2016-05-13 10:49:28.953000945 -0500
> @@ -3088,8 +3088,7 @@ int ib_uverbs_ex_create_flow(struct ib_u
> if (cmd.comp_mask)
> return -EINVAL;
>
> - if ((cmd.flow_attr.type == IB_FLOW_ATTR_SNIFFER &&
> - !capable(CAP_NET_ADMIN)) || !capable(CAP_NET_RAW))
> + if (!capable(CAP_NET_RAW))
> return -EPERM;
>
> if (cmd.flow_attr.flags >= IB_FLOW_ATTR_FLAGS_RESERVED)
>
I'm not at all convinced this is the right thing to do. Sniffing of
packets is definitely a privileged operation. Tcpdump needs to be run
as root to do this on regular devices. If not CAP_NET_ADMIN, then a
root check seems appropriate. CAP_NET_RAW does not seem sufficient for
sniffing other people's packets.
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: 0E572FDD
Attachment:
signature.asc
Description: OpenPGP digital signature
