Hi,
It seems to me that supplementary groups should be taken into account
when checking for permissions on a tun device. Can someone comment on
my patch below; is it a reasonable approach? If so, I'd like to
submit it for inclusion in the kernel under the GPL.
Please forward any responses to me directly in addition to the lkml.
Mike
--- tun.c 2007-11-16 10:14:27.000000000 -0800
+++ tun.c.new 2007-11-21 16:12:15.000000000 -0800
@@ -471,7 +471,8 @@
if (((tun->owner != -1 &&
current->euid != tun->owner) ||
(tun->group != -1 &&
- current->egid != tun->group)) &&
+ (current->egid != tun->group &&
+ !groups_search(current->group_info, tun->group)))) &&
!capable(CAP_NET_ADMIN))
return -EPERM;
}