On Mon, Oct 9, 2023 at 8:28 PM Jakub Kicinski <kuba@xxxxxxxxxx> wrote: > > On Mon, 9 Oct 2023 12:31:57 -0300 Pedro Tammela wrote: > > > Herm, how did we get this far without CCing the author of the patch. > > > Adding Budimir. > > > > > > Pedro, Budimir, any idea what the original bug was? There isn't much > > > info in the commit message. > > > > We had a UAF with a very straight forward way to trigger it. > > Any details? As in you want the sequence of commands that caused the fault posted? Budimir, lets wait for Jakub's response before you do that. I have those details as well of course. > > Setting 'rt' as a parent is incorrect and the man page is explicit about > > it as it doesn't make sense 'qdisc wise'. Being able to set it has > > always been wrong unfortunately... > > Sure but unfortunately "we don't break backward compat" means > we can't really argue. It will take us more time to debate this > than to fix it (assuming we understand the initial problem). > > Frankly one can even argue whether "exploitable by root / userns" > is more important than single user's init scripts breaking. > The "security" issues for root are dime a dozen. This is a tough one - as it stands right now we dont see a good way out. It's either "exploitable by root / userns" or break uapi. Christian - can you send your "working" scripts, simplified if possible, and we'll take a look. cheers, jamal
