diff options
| author | Maoyi Xie <maoyi.xie@ntu.edu.sg> | 2026-05-06 14:48:53 +0800 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2026-05-06 11:05:52 +0200 |
| commit | 15994bb0cbb8fc4879da7552ddd08c1896261c39 (patch) | |
| tree | 53d7783826dccdbe9f890066d9658928f037b93b /scripts/checkpatch.pl | |
| parent | 0f3c0a197309717d74729568f88957d448847937 (diff) | |
wifi: nl80211: require CAP_NET_ADMIN over the target netns in SET_WIPHY_NETNS
NL80211_CMD_SET_WIPHY_NETNS dispatches with GENL_UNS_ADMIN_PERM, which
verifies that the caller has CAP_NET_ADMIN for the source netns. It
doesn't verify that the caller has CAP_NET_ADMIN over the target netns
selected by NL80211_ATTR_NETNS_FD or NL80211_ATTR_PID.
This diverges from the convention enforced in
net/core/rtnetlink.c::rtnl_get_net_ns_capable():
/* For now, the caller is required to have CAP_NET_ADMIN in
* the user namespace owning the target net ns.
*/
if (!sk_ns_capable(sk, net->user_ns, CAP_NET_ADMIN))
return ERR_PTR(-EACCES);
A user with CAP_NET_ADMIN in their own user namespace can therefore
push a wiphy into an arbitrary netns (including init_net) over which
they have no privilege.
Mirror the rtnetlink convention by requiring CAP_NET_ADMIN in the
target netns before calling cfg80211_switch_netns().
Signed-off-by: Maoyi Xie <maoyi.xie@ntu.edu.sg>
Link: https://patch.msgid.link/20260506064854.2207105-2-maoyixie.tju@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'scripts/checkpatch.pl')
0 files changed, 0 insertions, 0 deletions