[PATCH v4 08/12] netlink: allow modification of transit net

Julian Orth ju.orth at gmail.com
Sun Oct 7 18:23:53 CEST 2018

On 10/7/18 4:11 PM, Julian Orth wrote:
> +static int set_socket(struct wireguard_device *wg, struct nlattr **attrs)
>  {
> -	ret = test_socket_net_capable(wg->transit_net);
> +	ret = test_socket_net_capable(net ? : wg->transit_net);
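Review bot: the capability check `test_socket_net_capable(net ? : wg->transit_net)` runs unconditionally here, before it is known whether the request carried any socket attribute at all, so a caller changing only unrelated settings is forced through the check as well. Gate it on the presence of at least one of the socket attributes (port or namespace selectors), and keep the gated check ahead of any comparison against the device's current port and transit net. The `? :` fallback to `wg->transit_net` is otherwise fine when `net` is NULL.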

This is wrong. The capability is checked even if the user hasn't provided any
of the socket attributes. Instead we must check for the capability iff at
least one of the three attributes is provided. It's not sufficient to move the
check below

> +	if (wg->incoming_port == port && (!net || wg->transit_net == net))
> +		goto out;
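Review bot: this early `goto out` compares caller-supplied `port` and `net` against the device's current state, so if it is reached before the capability check the outcome (silent success versus a permission error) differs depending on whether the guess matched, which leaks the current port and transit namespace to an unprivileged caller one probe at a time. Perform the capability check first whenever any of the socket attributes is present, and only then short-circuit on "nothing changed"; the short-circuit itself is fine once it sits behind the check.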

because this would allow an unprivileged caller to find the port and transit
namespace by trial and error.

I'll fix this in the next version.

More information about the WireGuard mailing list