• Eric Dumazet's avatar
    af_netlink: force credentials passing [CVE-2012-3520] · e0e3cea4
    Eric Dumazet authored
    Pablo Neira Ayuso discovered that avahi and
    potentially NetworkManager accept spoofed Netlink messages because of a
    kernel bug.  The kernel passes all-zero SCM_CREDENTIALS ancillary data
    to the receiver if the sender did not provide such data, instead of not
    including any such data at all or including the correct data from the
    peer (as it is the case with AF_UNIX).
    
    This bug was introduced in commit 16e57262
    (af_unix: dont send SCM_CREDENTIALS by default)
    
    This patch forces passing credentials for netlink, as
    before the regression.
    
    Another fix would be to not add SCM_CREDENTIALS in
    netlink messages if not provided by the sender, but it
    might break some programs.
    
    With help from Florian Weimer & Petr Matousek
    
    This issue is designated as CVE-2012-3520
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Cc: Petr Matousek <pmatouse@redhat.com>
    Cc: Florian Weimer <fweimer@redhat.com>
    Cc: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    e0e3cea4
af_netlink.c 48.9 KB