On Thursday 2021-12-23 08:06, Maciej Żenczykowski wrote: >diff --git a/net/netfilter/xt_owner.c b/net/netfilter/xt_owner.c >index e85ce69924ae..3eebd9c7ea4b 100644 >--- a/net/netfilter/xt_owner.c >+++ b/net/netfilter/xt_owner.c >@@ -84,8 +84,8 @@ owner_mt(const struct sk_buff *skb, struct xt_action_param *par) > if (info->match & XT_OWNER_UID) { > kuid_t uid_min = make_kuid(net->user_ns, info->uid_min); > kuid_t uid_max = make_kuid(net->user_ns, info->uid_max); >- if ((uid_gte(filp->f_cred->fsuid, uid_min) && >- uid_lte(filp->f_cred->fsuid, uid_max)) ^ >+ if ((uid_gte(sk->sk_uid, uid_min) && >+ uid_lte(sk->sk_uid, uid_max)) ^ I have a "déjà rencontré" moment about these lines... filp->f_cred->fsuid should be the EUID which performed the access (after peeling away the setfsuid(2) logic...), and sk_uid has a value that the original author of ipt_owner did not find useful. I think that was the motivation. listen(80) then drop privileges by set(e)uid. sk_uid would be 0, and thus not useful.
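
Review bot: in the XT_OWNER_UID branch, swapping filp->f_cred->fsuid for sk->sk_uid changes which identity the uid_min..uid_max range is compared against, from the credentials attached to the socket's file to the UID recorded on the socket itself, and nothing in the hunk documents that. Existing rules that match on the owner UID can evaluate differently afterwards, for example in the case raised in the reply above, where a socket is created as root and the process then drops privileges. Suggest stating the intended semantics in the commit message and the xt_owner documentation, and saying whether the GID match, which this hunk does not touch, is meant to keep using the file credentials.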