summaryrefslogtreecommitdiffhomepage
path: root/src/main.c
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2018-12-28 16:51:34 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2018-12-30 15:59:30 +0100
commitfd3276b09caec20156775965f2abf267f044b909 (patch)
tree8dfec378d81e893acd7e102894425337fdaed6e7 /src/main.c
parent45631d0203e9470896b1c03026a8ec256b58eda4 (diff)
netlink: auth socket changes against namespace of socket
In WireGuard, the underlying UDP socket lives in the namespace where the interface was created and doesn't move if the interface is moved. This allows one to create the interface in some privileged place that has Internet access, and then move it into a container namespace that only has the WireGuard interface for egress. Consider the following situation: 1. Interface created in namespace A. Socket therefore lives in namespace A. 2. Interface moved to namespace B. Socket remains in namespace A. 3. Namespace B now has access to the interface and changes the listen port and/or fwmark of socket. Change is reflected in namespace A. This behavior is arguably _fine_ and perhaps even expected or acceptable. But there's also an argument to be made that B should have A's cred to do so. So, this patch adds a simple ns_capable check. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/main.c')
0 files changed, 0 insertions, 0 deletions