Hi,

Wouldn't it be safer if the ldisc open function for PPP, mkiss etc
included a check for CAP_NET_ADMIN privilege, and rejected the attempt to
set the line discipline if the user is not privileged? The slip module
already has this check, but other modules don't.

I looked at various protocol modules (ppp sync/async, mkiss, irtty, ...)
and there is no immediate security problem; these modules either do
not allocate a netdevice, or if they do, they check for netif_running()
before they pass the decoded packet to the network layer.

Still I think it's somewhat dangerous to allow a user to open a pty pair,
set the slave's line discipline and feed it whatever he likes.

Olaf
--
Olaf Kirch | Things that make Monday morning interesting, #2:
okir@xxxxxxx | "We have 8,000 NFS mount points, why do we keep
---------------+ running out of privileged ports?"