mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 14:13:16 +00:00
442db0d6d8
The swconfig kernel infrastructure fails to do any permissions checks when changing settings. As such an ordinary user account on a device with a switch can change switch settings without any special permissions. Routers generally have few non-admin users so this isn't a big hole, but it is a security hole. Likely the greatest danger is for multifunction devices which have a lot of extra daemons, compromising a low-security daemon would allow one to modify switch settings and cause the router/switch to appear to lock-up (or cause other sorts of troublesome nyetwork behavior). Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any requests originating from user contexts lacking this capability. Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io> |
||
---|---|---|
.. | ||
base-files | ||
files | ||
image | ||
patches-3.18 | ||
patches-4.1 | ||
patches-4.4 | ||
config-3.18 | ||
config-4.1 | ||
config-4.4 | ||
PATCHES |