On Mon, 9 Oct 2023 12:31:57 -0300 Pedro Tammela wrote:
> > Herm, how did we get this far without CCing the author of the patch. Adding Budimir.
> >
> > Pedro, Budimir, any idea what the original bug was? There isn't much info in the commit message.
>
> We had a UAF with a very straightforward way to trigger it.

Any details?

> Setting 'rt' as a parent is incorrect and the man page is explicit about it as it doesn't make sense 'qdisc wise'. Being able to set it has always been wrong unfortunately...

Sure but unfortunately "we don't break backward compat" means we can't really argue. It will take us more time to debate this than to fix it (assuming we understand the initial problem).

Frankly one can even argue whether "exploitable by root / userns" is more important than single user's init scripts breaking. The "security" issues for root are dime a dozen.