On 05/13/2016 11:52 AM, Christoph Lameter wrote: > Sorry slight mistake in the original patch. V2 follows > > > > Subject: [PATCH] IB/core: Do not require CAP_NET_ADMIN for sniffing V2 > > Having to enable CAP_NET_ADMIN for every app that uses sniffer mode is kind > of risky. We do not want people to have the ability to mess around with the > network configuration and routing. We just want the app to direct streams and > deal with inbound data streams in various ways. > > So lets drop the requirement for CAP_NET_ADMIN and keep just CAP_NET_RAW. > > V1->V2 > - Check for CAP_NET_ADMIN was conditional on IB_FLOW_ATTR_SNIFFER. We need > to remove this in the correct way. > - Update description > > > Signed-off-by: Christoph Lameter <cl@xxxxxxxxx> > > Index: linux/drivers/infiniband/core/uverbs_cmd.c > =================================================================== > --- linux.orig/drivers/infiniband/core/uverbs_cmd.c 2016-03-24 09:16:27.782778586 -0500 > +++ linux/drivers/infiniband/core/uverbs_cmd.c 2016-05-13 10:49:28.953000945 -0500 > @@ -3088,8 +3088,7 @@ int ib_uverbs_ex_create_flow(struct ib_u > if (cmd.comp_mask) > return -EINVAL; > > - if ((cmd.flow_attr.type == IB_FLOW_ATTR_SNIFFER && > - !capable(CAP_NET_ADMIN)) || !capable(CAP_NET_RAW)) > + if (!capable(CAP_NET_RAW)) > return -EPERM; > > if (cmd.flow_attr.flags >= IB_FLOW_ATTR_FLAGS_RESERVED) > I'm not at all convinced this is the right thing to do. Sniffing of packets is definitely a privileged operation. Tcpdump needs to be run as root to do this on regular devices. If not CAP_NET_ADMIN, then a root check seems appropriate. CAP_NET_RAW does not seem sufficient for sniffing other people's packets. -- Doug Ledford <dledford@xxxxxxxxxx> GPG KeyID: 0E572FDD
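Review bot: In the check that follows `if (cmd.comp_mask)`, the `cmd.flow_attr.type == IB_FLOW_ATTR_SNIFFER` test is dropped entirely, so sniffer flows now pass the same `!capable(CAP_NET_RAW)` gate as every other flow type and nothing in ib_uverbs_ex_create_flow separates them any more. If CAP_NET_RAW is meant to be sufficient for sniffing, a comment above the check stating that would document the decision; if sniffer mode should stay more restricted than ordinary flow steering, keep the type test and pair it with whichever privilege check is agreed on instead of removing the branch. The V1->V2 notes also sit above the Signed-off-by line, so they would end up in the commit log; placing them below a `---` separator keeps them out of it.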