Re: Kill suser() call in tunopen()?

From: Owain Ainsworth (zerooagooglemail.com)
Date: Wed Sep 22 2010 - 09:37:50 CDT


On Wed, Sep 22, 2010 at 11:45:10AM +0100, Kevin Chadwick wrote:
> On Wed, 22 Sep 2010 11:25:02 +0100
> Owain Ainsworth <zerooagooglemail.com> wrote:
>
> > On Tue, Sep 21, 2010 at 06:32:50PM -0700, Matthew Dempsky wrote:
> > > /dev/tun* are already owned by root and mode 0600 by default, so it
> > > seems redundant to check suser() in tunopen().
> >
> > Looks like vnd could have the same change for the same reasons.
> >
> > If so I'll whip up the requisite two-liner.
> >
> > -0-
> > --
> > Computers are useless. They can only give you answers.
> > -- Pablo Picasso
> >
>
> I can see potential reasons for changing the user on tun devices and
> so saw no problem at all. I wonder if it is better however to have the
> check at runtime for things like vnconfig; could having the wrong user
> jeopardise an encryption password at all?

Reading the code, you can do VNDIOCGET, that gets you the filename,
device and inode of the vnd, that is it. The other ioctls are the
standard disk ones, create vnd (takes a key) and delete vnd.

We have device permissions for a reason. I find it questionable to
redundantly check; if you change permissions to let any man or his dog
create a vnd, you deserve what you get.

-0-
--
Graduate life: It's not just a job. It's an indenture.
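
With the suser() check gone, the node's owner and mode are the only gate on opening tun and vnd devices, which is the position taken in the thread. The following is an added example, not part of the thread and not OpenBSD code, that audits device nodes against the root/0600 default quoted above; `audit_node()` and the `NODE_*` flags are hypothetical names, and the paths are supplied by the caller.

```c
/* Added example: audit device nodes against the owner/mode default quoted in
 * the thread (root, 0600). audit_node() and the NODE_* flags are hypothetical
 * names chosen for this illustration. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

#define NODE_OK         0
#define NODE_MISSING    1   /* lstat() failed */
#define NODE_BAD_OWNER  2   /* owner differs from the expected uid */
#define NODE_BAD_MODE   4   /* permission bits outside the allowed mask */
#define NODE_IS_SYMLINK 8   /* path is a symlink, not the node itself */

/* Returns a bitmask of NODE_* findings for one path. */
int audit_node(const char *path, uid_t want_uid, mode_t allowed)
{
    struct stat st;
    int rc = NODE_OK;

    /* lstat so a symlink sitting at the path is reported, not followed */
    if (lstat(path, &st) == -1)
        return NODE_MISSING;
    if (S_ISLNK(st.st_mode))
        rc |= NODE_IS_SYMLINK;
    if (st.st_uid != want_uid)
        rc |= NODE_BAD_OWNER;
    /* any rwx, setuid, setgid or sticky bit outside `allowed` is a finding */
    if ((st.st_mode & 07777) & ~allowed)
        rc |= NODE_BAD_MODE;
    return rc;
}

int main(int argc, char **argv)
{
    int worst = NODE_OK;

    /* usage: ./audit /dev/tun0 /dev/vnd0c ...  (expects uid 0, mode <= 0600) */
    for (int i = 1; i < argc; i++) {
        int rc = audit_node(argv[i], 0, 0600);
        if (rc != NODE_OK)
            printf("%s: finding mask 0x%x\n", argv[i], rc);
        worst |= rc;
    }
    return worst ? 1 : 0;
}
```

A non-zero exit status means at least one node deviates from the expected owner or mode, so the program can run from a periodic integrity check.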