3b52db469b
So far we did check that incoming message comes has uid == 0. However this doesn't work if avahi is running inside net_ns && user_ns. Instead we should check that message comes from kernel, i.e. pid == 0. Thanks Lubomir Rintel <lkundrak@v3.sk> for the patch. Resolves: #1227052
42 lines
1.2 KiB
Diff
42 lines
1.2 KiB
Diff
From b8b2b4a03de019e14e439d30ab2d929aec5d6524 Mon Sep 17 00:00:00 2001
|
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
Date: Mon, 1 Jun 2015 21:13:40 +0200
|
|
Subject: [PATCH] netlink: check that the origin of the rtnetlink messages is
|
|
kernel
|
|
|
|
Instead of asserting it's from UID 0, which breaks in network namespaces.
|
|
---
|
|
avahi-autoipd/iface-linux.c | 2 +-
|
|
avahi-core/netlink.c | 2 +-
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/avahi-autoipd/iface-linux.c b/avahi-autoipd/iface-linux.c
|
|
index 83e9e41..1888e37 100644
|
|
--- a/avahi-autoipd/iface-linux.c
|
|
+++ b/avahi-autoipd/iface-linux.c
|
|
@@ -215,7 +215,7 @@ static int process_response(int wait_for_done, unsigned seq) {
|
|
|
|
ucred = (struct ucred*) CMSG_DATA(cmsghdr);
|
|
|
|
- if (ucred->uid != 0)
|
|
+ if (ucred->pid != 0)
|
|
return -1;
|
|
|
|
bytes = (size_t) r;
|
|
diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c
|
|
index 4ded5ec..b8c0c06 100644
|
|
--- a/avahi-core/netlink.c
|
|
+++ b/avahi-core/netlink.c
|
|
@@ -82,7 +82,7 @@ int avahi_netlink_work(AvahiNetlink *nl, int block) {
|
|
|
|
cred = (struct ucred*) CMSG_DATA(cmsg);
|
|
|
|
- if (cred->uid != 0)
|
|
+ if (cred->pid != 0)
|
|
return -1;
|
|
|
|
p = (struct nlmsghdr *) nl->buffer;
|
|
--
|
|
2.4.3
|
|
|