linux/net/unix
Eric Dumazet e0e3cea46d af_netlink: force credentials passing [CVE-2012-3520]
Pablo Neira Ayuso discovered that avahi and
potentially NetworkManager accept spoofed Netlink messages because of a
kernel bug.  The kernel passes all-zero SCM_CREDENTIALS ancillary data
to the receiver if the sender did not provide such data, instead of not
including any such data at all or including the correct data from the
peer (as it is the case with AF_UNIX).

This bug was introduced in commit 16e5726269
(af_unix: dont send SCM_CREDENTIALS by default)

This patch forces passing credentials for netlink, as
before the regression.

Another fix would be to not add SCM_CREDENTIALS in
netlink messages if not provided by the sender, but it
might break some programs.

With help from Florian Weimer & Petr Matousek

This issue is designated as CVE-2012-3520

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-21 14:53:01 -07:00
..
Kconfig net: Default UDP and UNIX diag to 'n'. 2012-01-07 12:13:06 -08:00
Makefile unix_diag: Write it into kbuild 2011-12-16 13:48:29 -05:00
af_unix.c af_netlink: force credentials passing [CVE-2012-3520] 2012-08-21 14:53:01 -07:00
diag.c net: make sock diag per-namespace 2012-07-16 22:31:34 -07:00
garbage.c Allow passing O_PATH descriptors via SCM_RIGHTS datagrams 2011-03-15 02:21:45 -04:00
sysctl_net_unix.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00