27.01.2025 17:50, Willem de Bruijn wrote:
Thanks for the report Ondrej. Agreed that we need to reinstate this. I suggest this explicit extra branch after the more likely cases: @@ -585,6 +585,9 @@ static inline bool tun_capable(struct tun_struct *tun) return 1; if (gid_valid(tun->group) && in_egroup_p(tun->group)) return 1; + if (!uid_valid(tun->owner) && !gid_valid(tun->group)) + return 1; + return 0; } The intent clearly has always been to allow access if owner and group are not explicitly set.
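Review bot: the added branch "if (!uid_valid(tun->owner) && !gid_valid(tun->group)) return 1;" in tun_capable() lets every caller through when neither owner nor group is set, and the code carries no comment saying that this is the intended default. A one-line comment above the branch stating that an unset owner and group means no restriction would document the intent described in the mail and make the check harder to drop again in a later refactor. As a style point, tun_capable() is declared bool, so "return true;" and "return false;" would fit better than 1 and 0, although the surrounding context lines already use 1, so that belongs in a separate cleanup.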
Perfectly fine with me. I'd raise the question about the security implications, but definitely not within this regression subject.