Message ID | 1317734559-23462-2-git-send-email-apw@canonical.com |
---|---|
State | New |
Headers | show |
On 10/04/2011 07:22 AM, Andy Whitcroft wrote: > From: Linus Torvalds<torvalds@linux-foundation.org> > > Ok, this isn't optimal, since it means that 'iotop' needs admin > capabilities, and we may have to work on this some more. But at the > same time it is very much not acceptable to let anybody just read > anybody elses IO statistics quite at this level. > > Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative > to checking the capabilities by hand. > > Reported-by: Vasiliy Kulikov<segoon@openwall.com> > Cc: Johannes Berg<johannes.berg@intel.com> > Acked-by: Balbir Singh<bsingharora@gmail.com> > Signed-off-by: Linus Torvalds<torvalds@linux-foundation.org> > > (cherry picked from commit 1a51410abe7d0ee4b1d112780f46df87d3621043) > CVE-2011-2494 > BugLink: http://bugs.launchpad.net/bugs/866021 > Signed-off-by: Andy Whitcroft<apw@canonical.com> > --- > kernel/taskstats.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/kernel/taskstats.c b/kernel/taskstats.c > index 99e20d1..c9abf5b 100644 > --- a/kernel/taskstats.c > +++ b/kernel/taskstats.c > @@ -583,6 +583,7 @@ static struct genl_ops taskstats_ops = { > .cmd = TASKSTATS_CMD_GET, > .doit = taskstats_user_cmd, > .policy = taskstats_cmd_get_policy, > + .flags = GENL_ADMIN_PERM, > }; > > static struct genl_ops cgroupstats_ops = {
On 04.10.2011 15:22, Andy Whitcroft wrote: > From: Linus Torvalds <torvalds@linux-foundation.org> > > Ok, this isn't optimal, since it means that 'iotop' needs admin > capabilities, and we may have to work on this some more. But at the > same time it is very much not acceptable to let anybody just read > anybody elses IO statistics quite at this level. > > Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative > to checking the capabilities by hand. > > Reported-by: Vasiliy Kulikov <segoon@openwall.com> > Cc: Johannes Berg <johannes.berg@intel.com> > Acked-by: Balbir Singh <bsingharora@gmail.com> > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > > (cherry picked from commit 1a51410abe7d0ee4b1d112780f46df87d3621043) > CVE-2011-2494 > BugLink: http://bugs.launchpad.net/bugs/866021 > Signed-off-by: Andy Whitcroft <apw@canonical.com> > --- > kernel/taskstats.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/kernel/taskstats.c b/kernel/taskstats.c > index 99e20d1..c9abf5b 100644 > --- a/kernel/taskstats.c > +++ b/kernel/taskstats.c > @@ -583,6 +583,7 @@ static struct genl_ops taskstats_ops = { > .cmd = TASKSTATS_CMD_GET, > .doit = taskstats_user_cmd, > .policy = taskstats_cmd_get_policy, > + .flags = GENL_ADMIN_PERM, > }; > > static struct genl_ops cgroupstats_ops = {
diff --git a/kernel/taskstats.c b/kernel/taskstats.c index 99e20d1..c9abf5b 100644 --- a/kernel/taskstats.c +++ b/kernel/taskstats.c @@ -583,6 +583,7 @@ static struct genl_ops taskstats_ops = { .cmd = TASKSTATS_CMD_GET, .doit = taskstats_user_cmd, .policy = taskstats_cmd_get_policy, + .flags = GENL_ADMIN_PERM, }; static struct genl_ops cgroupstats_ops = {