On Tue, Oct 10, 2023 at 1:32 PM Christian Theune <ct@xxxxxxxxxxxxxxx> wrote: > > Hi, > > > On 10. Oct 2023, at 17:02, Jamal Hadi Salim <jhs@xxxxxxxxxxxx> wrote: > > > > This is a tough one - as it stands right now we dont see a good way > > out. It's either "exploitable by root / userns" or break uapi. > > Christian - can you send your "working" scripts, simplified if > > possible, and we'll take a look. > > Sure, what kind of simplification are we talking about? Something like this? > > #### snip > #!/bin/bash > modprobe ifb > modprobe act_mirred > > uplink=eth0 > uplink_ingress=ifb0 > > tc qdisc add dev $uplink handle ffff: ingress > ifconfig $uplink up > > tc filter add dev $uplink parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev $uplink_ingress > > tc qdisc add dev $uplink_ingress root handle 1: hfsc default 1 > tc class add dev $uplink_ingress parent 1: classid 1:999 hfsc rt m2 2.5gbit > tc class add dev $uplink_ingress parent 1:999 classid 1:1 hfsc sc rate 50mbit > #### snap > > This should provoke the error reliably. You might need to point it at whatever network interface is available but need to be prepared to loose connectivity. > Ok - thanks, we'll look at this from the perspective of both ensuring UAF is gone and making your config happy. TBH, in my view UAF comes first but we can debate that later. cheers, jamal > Christian > > > Liebe Grüße, > Christian Theune > > -- > Christian Theune · ct@xxxxxxxxxxxxxxx · +49 345 219401 0 > Flying Circus Internet Operations GmbH · https://flyingcircus.io > Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland > HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick >
