[ovs-discuss] [PATCH] brcompat_mod: Check if user has CAP_NET_ADMIN in ioctl handler

Vivien Bernet-Rollande vbr at soprive.net
Wed Sep 15 12:33:51 UTC 2010

This patch checks that the user calling ioctl() to create, delete, or
modify bridges has the CAP_NET_ADMIN capability. This prevents
unprivileged users from modifying the bridge configuration through
brcompatd. The checks are the same as those performed in
net/bridge/br_ioctl.c by the Linux kernel.

Unprivileged users can create or destroy bridges when brcompatd is
running. I believe this is a serious security risk. I tested it only on
Fedora 12 with a Xenified 2.6.32 kernel, but the change is small enough
that there shouldn't be any problem with any version of Linux.

 datapath/brcompat.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/datapath/brcompat.c b/datapath/brcompat.c
index 3e84011..2113eae 100644
--- a/datapath/brcompat.c
+++ b/datapath/brcompat.c
@@ -84,6 +84,9 @@ static int brc_add_del_bridge(char __user *uname, int
 	struct sk_buff *request;
 	char name[IFNAMSIZ];
+	if (!capable(CAP_NET_ADMIN))
+		return -EPERM;
 	if (copy_from_user(name, uname, IFNAMSIZ))
 		return -EFAULT;
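Review bot: style nit in brc_add_del_bridge(): the new `if (!capable(CAP_NET_ADMIN))` is placed directly against the `char name[IFNAMSIZ];` declaration with no blank line separating declarations from statements, which kernel coding style expects; otherwise the placement is right, since the privilege test runs before `copy_from_user(name, uname, IFNAMSIZ)`, so an unprivileged caller gets -EPERM before any user memory is read. It would also help to state in the commit message whether add/delete bridge and add/delete port are the only modifying operations reachable from the brcompat ioctl handler, since the patch covers only those two functions.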
@@ -196,6 +199,9 @@ static int brc_add_del_port(struct net_device *dev,
int port_ifindex, int add)
 	struct net_device *port;
 	int err;
+	if (!capable(CAP_NET_ADMIN))
+		return -EPERM;
 	port = __dev_get_by_index(&init_net, port_ifindex);
 	if (!port)
 		return -EINVAL;
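Review bot: same missing blank line between `int err;` and the new check in brc_add_del_port(); apart from that the ordering is sound, because refusing before `__dev_get_by_index(&init_net, port_ifindex)` means an unprivileged caller never triggers the interface lookup and receives -EPERM rather than the -EINVAL returned for an unknown index, which matches the intent stated in the cover text of mirroring the checks in net/bridge/br_ioctl.c.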

Vivien Bernet-Rollande
So Privé Cloud Computing