On 11/1/21 16:34, Leonard Crestez wrote:
This is mainly intended to protect against local privilege escalations through a rarely used feature so it is deliberately not namespaced.
Enforcement is only at the setsockopt level, this should be enough to ensure that the tcp_authopt_needed static key never turns on.
No effort is made to handle disabling when the feature is already in use.
Signed-off-by: Leonard Crestez cdleonard@gmail.com
[..]
diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c index 5e80e5e5e36e..7c49dcce7d24 100644 --- a/net/ipv4/tcp_authopt.c +++ b/net/ipv4/tcp_authopt.c @@ -3,10 +3,15 @@ #include <linux/kernel.h> #include <net/tcp.h> #include <net/tcp_authopt.h> #include <crypto/hash.h> +/* This is mainly intended to protect against local privilege escalations through
- a rarely used feature so it is deliberately not namespaced.
- */
+int sysctl_tcp_authopt;
Could you add pr_warn_once() for setsockopt() without this set, so that it's visible in dmesg for a user that gets -EPERM.
Thanks, Dmitry