tun/tap: set sk_uid from current_fsuid()
Merge Request Required Information
Summary of Changes
Upstream cover letter (captured in merge commit 666c135b2d859a00ee74c8645b2affacfae45421):
tun/tap: set sk_uid from current_fsuid()
The original patches fixing CVE-2023-1076 are incorrect in my opinion.
This small series fixes them up; see the individual commit messages for
explanation.
I have a very elaborate test procedure demonstrating the problem for
both tun and tap; it involves libvirt, qemu, and "crash". I can share
that procedure if necessary, but it's indeed quite long (I wrote it
originally for our QE team).
The patches in this series are supposed to "re-fix" CVE-2023-1076; given
that said CVE is classified as Low Impact (CVSSv3=5.5), I'm posting this
publicly, and not suggesting any embargo. Red Hat Product Security may
assign a new CVE number later.
I've tested the patches on top of v6.5-rc4, with "crash" built at commit
c74f375e0ef7.
Approved Development Ticket
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2229506
CVE: CVE-2023-4194
Signed-off-by: Laszlo Ersek lersek@redhat.com
Edited by Laszlo Ersek