On Thu, Jun 18, 2015 at 11:30:54AM -0700, Mahesh Bandewar wrote: > Actor and Partner details can be accessed via proc-fs, sys-fs > entries or netlink interface. These interfaces are world readable > at this moment. The earlier patch-series made the LACP communication > secure to avoid nuisance attack from within the same L2 domain but > it did not prevent "someone unprivileged" looking at that information > on host and perform the same act. > > This patch essentially avoids spitting those entries if the user > in question does not have enough privileges. > > Signed-off-by: Mahesh Bandewar <mahe...@google.com> > --- > drivers/net/bonding/bond_netlink.c | 23 +++++---- > drivers/net/bonding/bond_procfs.c | 101 > +++++++++++++++++++------------------ > drivers/net/bonding/bond_sysfs.c | 12 ++--- > 3 files changed, 71 insertions(+), 65 deletions(-) > [...] > diff --git a/drivers/net/bonding/bond_procfs.c > b/drivers/net/bonding/bond_procfs.c > index e7f3047a26df..f514fe5e80a5 100644 > --- a/drivers/net/bonding/bond_procfs.c > +++ b/drivers/net/bonding/bond_procfs.c [...] 
> @@ -199,33 +202,35 @@ static void bond_info_show_slave(struct seq_file *seq, > seq_printf(seq, "Partner Churned Count: %d\n", > port->churn_partner_count); > > - seq_puts(seq, "details actor lacp pdu:\n"); > - seq_printf(seq, " system priority: %d\n", > - port->actor_system_priority); > - seq_printf(seq, " system mac address: %pM\n", > - &port->actor_system); > - seq_printf(seq, " port key: %d\n", > - port->actor_oper_port_key); > - seq_printf(seq, " port priority: %d\n", > - port->actor_port_priority); > - seq_printf(seq, " port number: %d\n", > - port->actor_port_number); > - seq_printf(seq, " port state: %d\n", > - port->actor_oper_port_state); > - > - seq_puts(seq, "details partner lacp pdu:\n"); > - seq_printf(seq, " system priority: %d\n", > - port->partner_oper.system_priority); > - seq_printf(seq, " system mac address: %pM\n", > - &port->partner_oper.system); > - seq_printf(seq, " oper key: %d\n", > - port->partner_oper.key); > - seq_printf(seq, " port priority: %d\n", > - port->partner_oper.port_priority); > - seq_printf(seq, " port number: %d\n", > - port->partner_oper.port_number); > - seq_printf(seq, " port state: %d\n", > - port->partner_oper.port_state); > + if (capable(CAP_NET_ADMIN)) { > + seq_puts(seq, "details actor lacp pdu:\n"); > + seq_printf(seq, " system priority: %d\n", > + port->actor_system_priority); > + seq_printf(seq, " system mac address: %pM\n", > + &port->actor_system); > + seq_printf(seq, " port key: %d\n", > + port->actor_oper_port_key); > + seq_printf(seq, " port priority: %d\n", > + port->actor_port_priority); > + seq_printf(seq, " port number: %d\n", > + port->actor_port_number); > + seq_printf(seq, " port state: %d\n", > + port->actor_oper_port_state); > + > + seq_puts(seq, "details partner lacp pdu:\n"); > + seq_printf(seq, " system priority: %d\n", > + port->partner_oper.system_priority); > + seq_printf(seq, " system mac address: %pM\n", > + &port->partner_oper.system); > + seq_printf(seq, " oper key: %d\n", > + 
port->partner_oper.key); > + seq_printf(seq, " port priority: %d\n", > + port->partner_oper.port_priority); > + seq_printf(seq, " port number: %d\n", > + port->partner_oper.port_number); > + seq_printf(seq, " port state: %d\n", > + port->partner_oper.port_state); > + } > } else { > seq_puts(seq, "Aggregator ID: N/A\n"); > }
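Review bot: the capable(CAP_NET_ADMIN) test in bond_info_show_slave() sits in the show callback, so it is evaluated against the credentials of whoever calls read(), not of the process that opened the file; since the file itself stays world-readable, an unprivileged user can open it and hand the descriptor to a setuid or capability-bearing program that reads it, and that reader gets the full actor/partner blocks. The usual fix is to decide once at open time and record the result for the show functions; while there, consider whether ns_capable() against the user namespace that owns the bond's network namespace is the intended test, since capable() only consults the initial user namespace and a bond inside a container would never be readable by that container's administrator. A smaller point on the same hunk: for an unprivileged reader the two "details ... lacp pdu:" headers vanish entirely instead of being printed with their values withheld, so parsers of this file see a different layout depending on who runs them; printing the headers with a fixed "N/A", as the "Aggregator ID: N/A" branch below already does, would keep the format stable.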
With this patch, actor_oper_port_state and partner_oper.port_state are not displayed in /proc, but that information is available via netlink from bond_fill_slave_info(). I suspect you do not deem these two values as critical to the security of the system, but wanted to confirm before ACKing.
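The /proc/net/bonding/<bond> text that the quoted hunk gates behind CAP_NET_ADMIN, parsed from user space so an administrator can confirm which view a given reader gets, as an added example that is not part of this thread or of the bonding driver. The two sample outputs are constructed to mirror the show function's output before the patch and after it for an unprivileged reader; the state-bit names are the IEEE 802.1AX LACP state flags (the same values as the driver's AD_STATE_* constants), and the `lacp_view` structure and function names are this example's own.

```c
/* Added example (not from the netdev thread or the bonding driver):
 * parse the /proc/net/bonding/<bond> text format shown in the quoted hunk
 * and report whether the LACP actor/partner details are visible to the
 * reader. Samples are constructed: output with CAP_NET_ADMIN (details
 * present) and output for an unprivileged reader after the patch. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* LACP state bits per IEEE 802.1AX (same values as the driver's AD_STATE_*). */
enum {
    LACP_ACTIVITY = 0x01, LACP_TIMEOUT = 0x02, LACP_AGGREGATION = 0x04,
    LACP_SYNCHRONIZATION = 0x08, LACP_COLLECTING = 0x10,
    LACP_DISTRIBUTING = 0x20, LACP_DEFAULTED = 0x40, LACP_EXPIRED = 0x80,
};

struct lacp_view {
    int has_actor_details, has_partner_details; /* detail blocks present? */
    int actor_state, partner_state;              /* -1 when not exposed */
    char partner_system[18];                     /* "" when not exposed */
};

/* Constructed samples; the LACP detail blocks are the only difference. */
#define SAMPLE_HEAD \
    "Slave Interface: eth0\nMII Status: up\nAggregator ID: 1\n" \
    "Actor Churn State: none\nPartner Churn State: none\n" \
    "Actor Churned Count: 0\nPartner Churned Count: 0\n"
static const char SAMPLE_UNPRIVILEGED[] = SAMPLE_HEAD;
static const char SAMPLE_PRIVILEGED[] = SAMPLE_HEAD
    "details actor lacp pdu:\n    system priority: 65535\n"
    "    system mac address: 02:00:00:00:00:01\n    port key: 9\n"
    "    port priority: 255\n    port number: 1\n    port state: 61\n"
    "details partner lacp pdu:\n    system priority: 32768\n"
    "    system mac address: 00:11:22:33:44:55\n    oper key: 4\n"
    "    port priority: 32768\n    port number: 3\n    port state: 61\n";

/* Walk the text line by line ("key: value"), tracking which detail block
 * we are in; returns how many detail blocks (0..2) were found. */
int parse_bond_view(const char *text, struct lacp_view *v)
{
    enum { NONE, ACTOR, PARTNER } sec = NONE;
    const char *p = text;

    memset(v, 0, sizeof *v);
    v->actor_state = v->partner_state = -1;
    while (*p) {
        const char *nl = strchr(p, '\n'), *colon, *vs, *ve;
        size_t len = nl ? (size_t)(nl - p) : strlen(p), klen, vlen;
        char key[48], val[48];

        while (len && (*p == ' ' || *p == '\t')) { p++; len--; } /* indent */
        colon = memchr(p, ':', len);           /* first colon ends the key */
        if (colon) {
            klen = (size_t)(colon - p);
            vs = colon + 1; ve = p + len;
            while (vs < ve && *vs == ' ') vs++;
            vlen = (size_t)(ve - vs);
            if (klen < sizeof key && vlen < sizeof val) {
                memcpy(key, p, klen); key[klen] = '\0';
                memcpy(val, vs, vlen); val[vlen] = '\0';
                if (!strcmp(key, "Slave Interface")) sec = NONE; /* next slave */
                else if (!strcmp(key, "details actor lacp pdu")) { sec = ACTOR; v->has_actor_details = 1; }
                else if (!strcmp(key, "details partner lacp pdu")) { sec = PARTNER; v->has_partner_details = 1; }
                else if (!strcmp(key, "port state") && sec == ACTOR) v->actor_state = atoi(val);
                else if (!strcmp(key, "port state") && sec == PARTNER) v->partner_state = atoi(val);
                else if (!strcmp(key, "system mac address") && sec == PARTNER)
                    snprintf(v->partner_system, sizeof v->partner_system, "%s", val);
            }
        }
        if (!nl) break;
        p = nl + 1;
    }
    return v->has_actor_details + v->has_partner_details;
}

/* 1 if the reader sees the actor/partner LACP details, 0 otherwise. */
int lacp_details_exposed(const char *text)
{
    struct lacp_view v;
    return parse_bond_view(text, &v) > 0;
}

/* Render a "port state" integer as its named flag bits; returns buf. */
const char *describe_state(int state, char *buf, size_t n)
{
    static const struct { int bit; const char *name; } bits[] = {
        { LACP_ACTIVITY, "active" }, { LACP_TIMEOUT, "short-timeout" },
        { LACP_AGGREGATION, "aggregatable" }, { LACP_SYNCHRONIZATION, "in-sync" },
        { LACP_COLLECTING, "collecting" }, { LACP_DISTRIBUTING, "distributing" },
        { LACP_DEFAULTED, "defaulted" }, { LACP_EXPIRED, "expired" },
    };
    size_t i;

    buf[0] = '\0';
    for (i = 0; i < sizeof bits / sizeof bits[0]; i++) {
        if (!(state & bits[i].bit)) continue;
        if (buf[0]) strncat(buf, ",", n - strlen(buf) - 1);
        strncat(buf, bits[i].name, n - strlen(buf) - 1);
    }
    if (!buf[0]) snprintf(buf, n, "none");
    return buf;
}

static void report(const char *label, const char *text)
{
    struct lacp_view v;
    char buf[128];

    printf("%s: lacp details exposed: %s\n", label, lacp_details_exposed(text) ? "yes" : "no");
    if (parse_bond_view(text, &v) && v.partner_state >= 0)
        printf("  partner %s port state %d (%s)\n", v.partner_system,
               v.partner_state, describe_state(v.partner_state, buf, sizeof buf));
}

/* With a path argument, read a live /proc/net/bonding/<bond> file (run it
 * once as root and once as an ordinary user to compare the two views);
 * with no argument, run over the constructed samples. */
int main(int argc, char **argv)
{
    static char live[8192];
    if (argc > 1) {
        FILE *f = fopen(argv[1], "r");
        if (!f) { perror(argv[1]); return 1; }
        live[fread(live, 1, sizeof live - 1, f)] = '\0';
        fclose(f);
        report(argv[1], live);
        return 0;
    }
    report("privileged view", SAMPLE_PRIVILEGED);
    report("unprivileged view", SAMPLE_UNPRIVILEGED);
    return 0;
}
```

Because the check in the patch is made in the show path, running the program as an unprivileged user against a live file is the direct way to confirm that the detail blocks really are withheld for that user, and the decoded state bits show what an attacker on the same L2 segment would learn from the partner block (which ports are in sync, collecting and distributing) if they were not.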