| Message ID | 1339542341.15266.3.camel@bwh-desktop.uk.solarflarecom.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Ben Hutchings <bhutchings@solarflare.com> Date: Wed, 13 Jun 2012 00:05:41 +0100 > 'Get' commands should generally not require CAP_NET_ADMIN, with > the exception of those that expose internal state. > > Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> > --- > The one command I'm not sure about is ETHTOOL_STATS. It might reveal > too much detail about network traffic. That said, /proc/net/dev and > /sys/class/net/*/statistics are already world-readable. Applied, it just means we need to scrutinize what people put into the stats a little bit more. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/ethtool.c b/net/core/ethtool.c index c73d0a5..cbf033d 100644 --- a/net/core/ethtool.c +++ b/net/core/ethtool.c @@ -1443,6 +1443,7 @@ int dev_ethtool(struct net *net, struct ifreq *ifr) case ETHTOOL_GSET: case ETHTOOL_GDRVINFO: case ETHTOOL_GMSGLVL: + case ETHTOOL_GLINK: case ETHTOOL_GCOALESCE: case ETHTOOL_GRINGPARAM: case ETHTOOL_GPAUSEPARAM: @@ -1451,6 +1452,7 @@ int dev_ethtool(struct net *net, struct ifreq *ifr) case ETHTOOL_GSG: case ETHTOOL_GSSET_INFO: case ETHTOOL_GSTRINGS: + case ETHTOOL_GSTATS: case ETHTOOL_GTSO: case ETHTOOL_GPERMADDR: case ETHTOOL_GUFO: @@ -1463,8 +1465,11 @@ int dev_ethtool(struct net *net, struct ifreq *ifr) case ETHTOOL_GRXCLSRLCNT: case ETHTOOL_GRXCLSRULE: case ETHTOOL_GRXCLSRLALL: + case ETHTOOL_GRXFHINDIR: case ETHTOOL_GFEATURES: + case ETHTOOL_GCHANNELS: case ETHTOOL_GET_TS_INFO: + case ETHTOOL_GEEE: break; default: if (!capable(CAP_NET_ADMIN))
'Get' commands should generally not require CAP_NET_ADMIN, with the exception of those that expose internal state. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> --- The one command I'm not sure about is ETHTOOL_STATS. It might reveal too much detail about network traffic. That said, /proc/net/dev and /sys/class/net/*/statistics are already world-readable. Ben. net/core/ethtool.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-)