Patch "revert "net: align SO_RCVMARK required privileges with SO_MARK"" has been added to the 6.3-stable tree

This is a note to let you know that I've just added the patch titled

    revert "net: align SO_RCVMARK required privileges with SO_MARK"

to the 6.3-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     revert-net-align-so_rcvmark-required-privileges-with.patch
and it can be found in the queue-6.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e20ac44401d36051cb27663d902b7d3d2219182a
Author: Maciej Żenczykowski <maze@xxxxxxxxxx>
Date:   Sun Jun 18 03:31:30 2023 -0700

    revert "net: align SO_RCVMARK required privileges with SO_MARK"
    
    [ Upstream commit a9628e88776eb7d045cf46467f1afdd0f7fe72ea ]
    
    This reverts commit 1f86123b9749 ("net: align SO_RCVMARK required
    privileges with SO_MARK") because the reasoning in the commit message
    is not really correct:
      SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
      it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
      and retrieves the socket mark, rather than 'setsockopt(SO_MARK)' which
      sets the socket mark and does require privs.
    
      Additionally incoming skb->mark may already be visible if
      sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.
    
      Furthermore, it is easier to block the getsockopt via bpf
      (either cgroup setsockopt hook, or via syscall filters)
      than to unblock it if it requires CAP_NET_RAW/ADMIN.
    
    On Android the socket mark is (among other things) used to store
    the network identifier a socket is bound to.  Setting it is privileged,
    but retrieving it is not.  We'd like unprivileged userspace to be able
    to read the network id of incoming packets (where mark is set via
    iptables [to be moved to bpf])...
    
    An alternative would be to add another sysctl to control whether
    setting SO_RCVMARK is privileged or not.
    (or even a MASK of which bits in the mark can be exposed)
    But this seems like over-engineering...
    
    Note: This is a non-trivial revert, due to later merged commit e42c7beee71d
    ("bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()")
    which changed both 'ns_capable' into 'sockopt_ns_capable' calls.
    
    Fixes: 1f86123b9749 ("net: align SO_RCVMARK required privileges with SO_MARK")
    Cc: Larysa Zaremba <larysa.zaremba@xxxxxxxxx>
    Cc: Simon Horman <simon.horman@xxxxxxxxxxxx>
    Cc: Paolo Abeni <pabeni@xxxxxxxxxx>
    Cc: Eyal Birger <eyal.birger@xxxxxxxxx>
    Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
    Cc: Eric Dumazet <edumazet@xxxxxxxxxx>
    Cc: Patrick Rohr <prohr@xxxxxxxxxx>
    Signed-off-by: Maciej Żenczykowski <maze@xxxxxxxxxx>
    Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
    Reviewed-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230618103130.51628-1-maze@xxxxxxxxxx
    Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/core/sock.c b/net/core/sock.c
index 3fd71f343c9f2..b34c48f802e98 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1362,12 +1362,6 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
 		__sock_set_mark(sk, val);
 		break;
 	case SO_RCVMARK:
-		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
-		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
-			ret = -EPERM;
-			break;
-		}
-
 		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
 		break;
 
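Review bot: the SO_RCVMARK case is left with no comment saying that the missing capability check is deliberate, and it sits directly below the SO_MARK case, which the commit message says does require privileges, so a later cleanup could easily "align" the two again. Suggest a short comment above sock_valbool_flag(sk, SOCK_RCVMARK, valbool) stating that this option only exposes the incoming skb mark to the socket owner via cmsg, is intentionally unprivileged, and should be restricted through the cgroup setsockopt bpf hook or a syscall filter where that exposure is not wanted. Since the commit message considers and rejects a mask, the comment could also note that the whole mark is exposed, which matters to deployments that keep policy bits in it.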


