openwrtv3/target
Jo-Philipp Wich 442db0d6d8 kernel: deny swconfig set requests for unprivileged users
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:53:19 +02:00
..
imagebuilder build: split scripts/metadata.pl into target-metadata.pl and package-metadata.pl 2016-06-07 08:58:40 +02:00
linux kernel: deny swconfig set requests for unprivileged users 2016-06-11 00:53:19 +02:00
sdk IB/SDK/toolchain: use lower cases filenames 2016-06-01 17:54:36 +02:00
toolchain IB/SDK/toolchain: use lower cases filenames 2016-06-01 17:54:36 +02:00
Config.in build: remove profile kernel/build system config override support 2016-05-15 20:55:40 +02:00
Makefile target: do not make target/*/install depend on target/*/compile - removes one redundant kernel build dir call on target/install 2012-06-06 17:24:05 +00:00