Modify

Opened 20 months ago

#22537 new defect

SECURITY: swconfig infrastructure fails to check for CAP_NET_ADMIN when configuring

Reported by: ehem+openwrt@… Owned by: developers
Priority: highest Milestone:
Component: kernel Version: Trunk
Keywords: security, swconfig, kernel Cc:

Description

The subject line hopefully mostly covers the situation. The swconfig kernel infrastructure fails to do any permissions checks when changing settings. As such an ordinary user account on a device with a switch can change switch settings without any special permissions. Routers generally have few non-admin users so this isn't a big hole, but it is a security hole. Likely the greatest danger is for multifunction devices which have a lot of extra daemons, compromising a low-security daemon would allow one to modify switch settings and cause the router/switch to appear to lock-up (or cause other sorts of troublesome nyetwork behavior).

Pretty simple fix, just need a "if(!capable(CAP_NET_ADMIN)) return -EPERM;" near the top of swconfig_set_attr() (unless development since 3.18 means changing some settings no longer go through that function).

The OpenWRT organization really needs to figure out handling of security bugs. There is no e-mail address devoted for security issues and it appears trying to alert folks via the standard approaches doesn't get them handled correctly.

Since this has been lurking for a long while, this is now getting reported to Bugtraq.

Attachments (1)

openwrt.patch (583 bytes) - added by ehem+openwrt@… 20 months ago.
Patch for issue (checked on Linux 3.18, unchecked against later versions)

Download all attachments as: .zip

Change History (1)

Changed 20 months ago by ehem+openwrt@…

Patch for issue (checked on Linux 3.18, unchecked against later versions)

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.