Issue description
The child root process trusts that every interface the parent unprivileged process passes in is present in the interface file. This means that the parent process can, in a limited fashion, mess with all interfaces present on the system.
Impact
The child process can mess with any interface, even those not listed in the configuration file.
Suggested fix
Ideally, the child privileged process should be cross-referencing the input from the parent with the configuration file. It is important that any fix made also consider reload functionality and configuration file security.
Additional Notes
The configuration file is already read in the privileged context on startup, so reading the file inside the privileged child process would not change the existing security profile.
Privileged loop applies no validation on the interface input: https://github.com/radvd-project/radvd/blob/cf213516101c6871dd697612916ed5f4a282b7c1/privsep-linux.c#L46C17-L46C17
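One way to do the cross-referencing suggested above, as an added example that is not radvd's code: the privileged side checks each interface name it receives against an allowlist it built itself from the configuration file. The struct, the function names and the `IFACE_MAX` field size are hypothetical, and the sample data is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define IFACE_MAX 16 /* assumed field size, equal to Linux IFNAMSIZ */

/* Hypothetical allowlist, built by the privileged process from the
 * configuration file at startup and rebuilt on reload. */
struct iface_allowlist {
	const char *const *names;
	size_t count;
};

/* The field comes from the unprivileged peer: require a terminator
 * inside the buffer, a non-empty name, and a single path component. */
static bool iface_name_is_sane(const char field[IFACE_MAX])
{
	const char *end = memchr(field, '\0', IFACE_MAX);
	if (end == NULL || end == field)
		return false;
	if (strcmp(field, ".") == 0 || strcmp(field, "..") == 0)
		return false;
	return strchr(field, '/') == NULL;
}

/* True only for a well-formed name that the configuration lists. */
bool iface_request_allowed(const struct iface_allowlist *allow,
			   const char field[IFACE_MAX])
{
	if (!iface_name_is_sane(field))
		return false;
	for (size_t i = 0; i < allow->count; i++)
		if (strcmp(allow->names[i], field) == 0)
			return true;
	return false;
}

int main(void)
{
	/* Constructed sample: configured interfaces and peer requests. */
	const char *const cfg[] = { "eth0", "br-lan" };
	const struct iface_allowlist allow = { cfg, 2 };
	const char reqs[][IFACE_MAX] = { "eth0", "wlan0", "../eth0", "" };
	for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
		printf("%-8s -> %s\n", reqs[i],
		       iface_request_allowed(&allow, reqs[i]) ? "allow" : "reject");
	return 0;
}
```

The allowlist has to be rebuilt inside the privileged process on reload; accepting an updated list from the unprivileged side would reintroduce the trust problem.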