kernel: deny swconfig set requests for unprivileged users

The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/target/linux/generic/files/drivers/net/phy/swconfig.c b/target/linux/generic/files/drivers/net/phy/swconfig.c
index b556510aef2c557a2d44ac9276580f6f1be8e9a6..699abd33dd894bd143ea72b6acf928184c78dadd 100644 (file)
--- a/target/linux/generic/files/drivers/net/phy/swconfig.c
+++ b/target/linux/generic/files/drivers/net/phy/swconfig.c
@@ -635,6 +635,9 @@ swconfig_set_attr(struct sk_buff *skb, struct genl_info *info)
        struct switch_val val;
        int err = -EINVAL;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        dev = swconfig_get_dev(info);
        if (!dev)
                return -EINVAL;