Re: [PATCH net v3] ppp: require CAP_NET_ADMIN in target netns for unattached ioctls

From: patchwork-bot+netdevbpf

Date: Sun Apr 12 2026 - 16:51:15 EST


Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Thu, 9 Apr 2026 16:11:15 +0900 you wrote:
> /dev/ppp open is currently authorized against file->f_cred->user_ns,
> while unattached administrative ioctls operate on current->nsproxy->net_ns.
>
> As a result, a local unprivileged user can create a new user namespace
> with CLONE_NEWUSER, gain CAP_NET_ADMIN only in that new user namespace,
> and still issue PPPIOCNEWUNIT, PPPIOCATTACH, or PPPIOCATTCHAN against
> an inherited network namespace.
>
> [...]

Here is the summary with links:
- [net,v3] ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
https://git.kernel.org/netdev/net/c/2bb6379416fd

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
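
The mismatch described in the quoted commit message, as an added example that is not part of the patch or of kernel code: a simplified user-space model of a namespaced CAP_NET_ADMIN check, comparing a check against the opener's own user namespace with a check against the user namespace that owns the target network namespace. The struct layouts, `ns_capable_model`, `open_check`, `target_netns_check` and `scenario` are hypothetical names, and the shape of the fixed check is an assumption drawn from the subject line only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not kernel code: only the fields the check needs. */
struct user_ns { const struct user_ns *parent; int owner_uid; };
struct net_ns  { const struct user_ns *user_ns; };  /* owning user namespace */
struct cred    { const struct user_ns *user_ns; int euid; bool cap_net_admin; };

/* Model of ns_capable(target, CAP_NET_ADMIN): walk from target toward the root. */
static bool ns_capable_model(const struct cred *c, const struct user_ns *target)
{
    for (const struct user_ns *ns = target; ns; ns = ns->parent) {
        if (ns == c->user_ns)
            return c->cap_net_admin;         /* capability held in this very ns */
        if (ns->parent == c->user_ns && ns->owner_uid == c->euid)
            return true;                     /* creator of a child ns owns it */
    }
    return false;                            /* target is not at or below cred's ns */
}

/* Check described for /dev/ppp open: against the opener's own user namespace. */
static bool open_check(const struct cred *f_cred)
{
    return ns_capable_model(f_cred, f_cred->user_ns);
}

/* Assumed shape of the fix: check the user ns that owns the target netns. */
static bool target_netns_check(const struct cred *c, const struct net_ns *net)
{
    return ns_capable_model(c, net->user_ns);
}

/* Constructed scenario: uid 1000 after CLONE_NEWUSER, optionally with CLONE_NEWNET. */
static bool scenario(bool also_new_netns, bool use_target_check)
{
    struct user_ns init_user = { NULL, 0 };
    struct user_ns child_user = { &init_user, 1000 };
    struct net_ns init_net = { &init_user }, child_net = { &child_user };
    struct cred c = { &child_user, 1000, true };  /* full caps, only in child_user */
    const struct net_ns *cur = also_new_netns ? &child_net : &init_net;
    return use_target_check ? target_netns_check(&c, cur) : open_check(&c);
}

int main(void)
{
    printf("inherited netns, open-time check:    %d\n", scenario(false, false));
    printf("inherited netns, target-netns check: %d\n", scenario(false, true));
    printf("own netns, target-netns check:       %d\n", scenario(true, true));
    return 0;
}
```

In the model, the open-time check passes for a caller that still sits in the inherited network namespace, the target-netns check refuses that caller, and a caller that also created its own network namespace is still allowed.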