[PATCH] net/ark: fix unsafe env variable in extension loading

Stephen Hemminger stephen at networkplumber.org
Wed Jun 3 17:30:56 CEST 2026

Previous message (by thread): [PATCH v2] net/ark: fix unsafe env variable in extension loading
Next message (by thread): [PATCH] net/ark: validate IPv4 octets in address parser
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed,  3 Jun 2026 08:26:00 +0300
Denis Sergeev <denserg.edu at gmail.com> wrote:

> diff --git a/drivers/net/ark/ark_ethdev.c b/drivers/net/ark/ark_ethdev.c
> index 8b25ed948f..e25478103b 100644
> --- a/drivers/net/ark/ark_ethdev.c
> +++ b/drivers/net/ark/ark_ethdev.c
> @@ -211,9 +211,19 @@ static int
>  check_for_ext(struct ark_adapter *ark)
>  {
>  	int found = 0;
> +	const char *dllpath;
> +
> +	/*
> +	 * A basic security check is necessary before trusting
> +	 * ARK_EXT_PATH environment variable.
> +	 */
> +	if (geteuid() != getuid() || getegid() != getgid()) {
> +		ARK_PMD_LOG(DEBUG, "EXT ignoring ARK_EXT_PATH under setuid/setgid\n");
> +		return 0;
> +	}
>  

DPDK may be run in containers. This would break that.

The whole dlopen extension stuff in this driver is rubbish and should not have been allowed in.
It creates testing and security nightmares.

Previous message (by thread): [PATCH v2] net/ark: fix unsafe env variable in extension loading
Next message (by thread): [PATCH] net/ark: validate IPv4 octets in address parser
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list