tmp_suning_uos_patched/net
Kevin Cernekee 916a27901d netfilter: xt_osf: Add missing permission checks
The capability check in nfnetlink_rcv() verifies that the caller
has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
However, xt_osf_fingers is shared by all net namespaces on the
system.  An unprivileged user can create user and net namespaces
in which he holds CAP_NET_ADMIN to bypass the netlink_net_capable()
check:

    vpnns -- nfnl_osf -f /tmp/pf.os

    vpnns -- nfnl_osf -f /tmp/pf.os -d

These non-root operations successfully modify the systemwide OS
fingerprint list.  Add new capable() checks so that they can't.

Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-12-06 09:01:18 +01:00
..
6lowpan License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
9p License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
802 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-12 09:17:05 +09:00
appletalk License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
batman-adv
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
bpf
bridge net: bridge: add vlan_tunnel to bridge port policies 2017-11-14 21:54:55 +09:00
caif License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
ceph Merge branch 'work.get_user_pages_fast' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-11-17 12:38:51 -08:00
core Merge branch 'akpm' (patches from Andrew) 2017-11-15 19:42:40 -08:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
dns_resolver
dsa net: dsa: lan9303: calculate offload_fwd_mark from tag 2017-11-14 21:47:48 +09:00
ethernet
hsr
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
ife MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
ipv4 netfilter: exit_net cleanup check added 2017-11-20 12:03:41 +01:00
ipv6 netfilter: remove redundant assignment to e 2017-11-20 12:03:41 +01:00
ipx Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
iucv
kcm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
key af_key: replace BUG_ON on WARN_ON in net_exit hook 2017-11-14 15:45:52 +09:00
l2tp l2tp: exit_net cleanup check added 2017-11-14 15:45:53 +09:00
l3mdev
lapb
llc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
ncsi net/ncsi: Don't return error on normal response 2017-11-11 15:09:44 +09:00
netfilter netfilter: xt_osf: Add missing permission checks 2017-12-06 09:01:18 +01:00
netlabel net/netlabel: Add list_next_rcu() in rcu_dereference(). 2017-11-18 10:32:41 +09:00
netlink netlink: remove unnecessary forward declaration 2017-11-14 21:51:14 +09:00
netrom Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
nfc genetlink: fix genlmsg_nlhdr() 2017-11-16 10:49:00 +09:00
nsh openvswitch: enable NSH support 2017-11-08 16:12:33 +09:00
openvswitch openvswitch: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_start 2017-11-15 14:16:07 +09:00
packet packet: exit_net cleanup check added 2017-11-14 15:45:52 +09:00
phonet phonet: exit_net cleanup check added 2017-11-14 15:45:53 +09:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-10 10:00:18 +09:00
rds Merge branch 'akpm' (patches from Andrew) 2017-11-15 19:42:40 -08:00
rfkill
rose
rxrpc RxRPC development 2017-11-14 16:17:38 +09:00
sched netem: remove unnecessary 64 bit modulus 2017-11-15 14:14:16 +09:00
sctp sctp: set frag_point in sctp_setsockopt_maxseg correctly 2017-11-18 10:32:41 +09:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
strparser
sunrpc NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
switchdev net: bridge: Add/del switchdev object on host join/leave 2017-11-10 13:41:40 +09:00
tipc tipc: enforce valid ratio between skb truesize and contents 2017-11-16 10:49:00 +09:00
tls tls: don't override sk_write_space if tls_set_sw_offload fails. 2017-11-14 16:26:35 +09:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
wimax License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wireless genetlink: fix genlmsg_nlhdr() 2017-11-16 10:49:00 +09:00
x25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2017-11-16 22:33:54 +09:00
compat.c
Kconfig
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
socket.c kmemcheck: remove annotations 2017-11-15 18:21:04 -08:00
sysctl_net.c