)]}'
{
  "commit": "e87736e7856281c06eb63ed8a715c61e72564400",
  "tree": "75d1821a7d75b92a47374c2f31b628cf922326bd",
  "parents": [
    "8c99398a30b0da42ee80dd235e4f173019469cbf"
  ],
  "author": {
    "name": "Laszlo Ersek",
    "email": "lersek@redhat.com",
    "time": "Mon Jul 31 18:42:36 2023 +0200"
  },
  "committer": {
    "name": "He Gao",
    "email": "hegao@google.com",
    "time": "Wed Aug 16 18:56:31 2023 +0000"
  },
  "message": "net: tun_chr_open(): set sk_uid from current_fsuid()\n\ncommit 9bc3047374d5bec163e83e743709e23753376f0c upstream.\n\nCommit a096ccca6e50 initializes the \"sk_uid\" field in the protocol socket\n(struct sock) from the \"/dev/net/tun\" device node\u0027s owner UID. Per\noriginal commit 86741ec25462 (\"net: core: Add a UID field to struct\nsock.\", 2016-11-04), that\u0027s wrong: the idea is to cache the UID of the\nuserspace process that creates the socket. Commit 86741ec25462 mentions\nsocket() and accept(); with \"tun\", the action that creates the socket is\nopen(\"/dev/net/tun\").\n\nTherefore the device node\u0027s owner UID is irrelevant. In most cases,\n\"/dev/net/tun\" will be owned by root, so in practice, commit a096ccca6e50\nhas no observable effect:\n\n- before, \"sk_uid\" would be zero, due to undefined behavior\n  (CVE-2023-1076),\n\n- after, \"sk_uid\" would be zero, due to \"/dev/net/tun\" being owned by root.\n\nWhat matters is the (fs)UID of the process performing the open(), so cache\nthat in \"sk_uid\".\n\nBUG\u003db/296028784\nTEST\u003dpresubmit\nSOURCE\u003dUPSTREAM(9bc3047374d5)\nRELEASE_NOTE\u003dFixed CVE-2023-4194 in the Linux kernel.\n\nFixes: a096ccca6e50 (\"tun: tun_chr_open(): correctly initialize socket uid\")\nBugzilla: https://bugzilla.redhat.com/show_bug.cgi?id\u003d2173435\nChange-Id: Iea0089d383b035e909c40e333778847b4f2b9703\nSigned-off-by: Laszlo Ersek \u003clersek@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/55019\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\nReviewed-by: Oleksandr Tymoshenko \u003covt@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "7c8db8f6f661ead8379d4a31971e5bf1bb4a168b",
      "old_mode": 33188,
      "old_path": "drivers/net/tun.c",
      "new_id": "228f5f9ef1dde44cc586f9361ca2e5f86366a058",
      "new_mode": 33188,
      "new_path": "drivers/net/tun.c"
    }
  ]
}