git.ipfire.org Git - thirdparty/kernel/stable.git/commit
tun: fix group permission check
author Stas Sergeev <stsp2@yandex.ru>
Thu, 5 Dec 2024 07:36:14 +0000 (10:36 +0300)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 21 Feb 2025 12:49:31 +0000 (13:49 +0100)
commit b2c0850a31b4ea675a20f74a094c7678d142db4c
tree b0f38d08ba6850fca875ebd9d1077a0fb6d14224
parent a0dec65f88c8d9290dfa1d2ca1e897abe54c5881
tun: fix group permission check

[ Upstream commit 3ca459eaba1bf96a8c7878de84fa8872259a01e3 ]

Currently tun checks the group permission even if the user has matched.
Besides going against the usual permission semantic, this has a
very interesting implication: if the tun group is not among the
supplementary groups of the tun user, then effectively no one can
access the tun device. CAP_SYS_ADMIN still can, but it's the same as
not setting the tun ownership.

This patch relaxes the group checking so that either the user match
or the group match is enough. This avoids the situation when no one
can access the device even though the ownership is properly set.

Also I simplified the logic by removing the redundant inversions:
tun_not_capable() --> !tun_capable()

Signed-off-by: Stas Sergeev <stsp2@yandex.ru>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Link: https://patch.msgid.link/20241205073614.294773-1-stsp2@yandex.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/net/tun.c
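
A user-space model of the two checks the commit message describes, added here as an illustration; it is not the code from drivers/net/tun.c. The struct names, `ID_UNSET`, the sample uids/gids and the single `privileged` flag (standing in for the capability override) are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ID_UNSET (-1)               /* model's marker: owner/group not set */

struct tun_model { int owner, group; };      /* hypothetical stand-in */
struct caller {                              /* hypothetical stand-in */
    int euid;
    const int *groups;              /* effective + supplementary gids */
    size_t ngroups;
    bool privileged;                /* holds the overriding capability */
};

static bool in_group(const struct caller *c, int gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Before the fix: a configured group is checked even if the user matched. */
static bool old_capable(const struct tun_model *t, const struct caller *c)
{
    bool owner_fail = t->owner != ID_UNSET && c->euid != t->owner;
    bool group_fail = t->group != ID_UNSET && !in_group(c, t->group);
    return c->privileged || !(owner_fail || group_fail);
}

/* After the fix: either the user match or the group match is enough. */
static bool new_capable(const struct tun_model *t, const struct caller *c)
{
    if (c->privileged || (t->owner != ID_UNSET && c->euid == t->owner))
        return true;
    return t->group != ID_UNSET && in_group(c, t->group);
}

/* Constructed sample: device owned by uid 1000 with group 2000. */
static const struct tun_model dev = { 1000, 2000 };
static const int g_owner[] = { 1000 }, g_member[] = { 1001, 2000 };
static const struct caller owner_only  = { 1000, g_owner, 1, false };
static const struct caller member_only = { 1001, g_member, 2, false };
static const struct caller stranger    = { 1002, g_owner, 1, false };

int main(void)
{
    printf("owner not in group: old=%d new=%d\n",
           old_capable(&dev, &owner_only), new_capable(&dev, &owner_only));
    printf("group member, other uid: old=%d new=%d\n",
           old_capable(&dev, &member_only), new_capable(&dev, &member_only));
    return 0;
}
```

Where both an owner and a group are set on a device, the model shows the check moving from "both must match" to "either matches", so a group member who is not the owner is admitted after the fix; deployments that relied on the stricter behaviour should review their tun ownership settings.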