diff mbox

[3/3] net: check kern before calling security subsystem

Message ID 20091104163224.27133.88570.stgit@paris.rdu.redhat.com
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Eric Paris Nov. 4, 2009, 4:32 p.m. UTC 
Before calling capable(CAP_NET_RAW) check if this operations is on behalf
of the kernel or on behalf of userspace.  Do not do the security check if
it is on behalf of the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
---

 net/bluetooth/l2cap.c |    2 +-
 net/ipv4/af_inet.c    |    2 +-
 net/ipv6/af_inet6.c   |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Arnaldo Carvalho de Melo Nov. 4, 2009, 5:32 p.m. UTC | #1 
Em Wed, Nov 04, 2009 at 11:32:24AM -0500, Eric Paris escreveu:
> Before calling capable(CAP_NET_RAW) check if this operations is on behalf
> of the kernel or on behalf of userspace.  Do not do the security check if
> it is on behalf of the kernel.
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>

Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
James Morris Nov. 4, 2009, 9:42 p.m. UTC | #2 
On Wed, 4 Nov 2009, Eric Paris wrote:

> -	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
> +	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
>  		return -EPERM;

> -	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
> +	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
>  		goto out_rcu_unlock;

> -	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
> +	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
>  		goto out_rcu_unlock;

Perhaps make this a static inline.
David Miller Nov. 6, 2009, 5:08 a.m. UTC | #3 
From: Arnaldo Carvalho de Melo <acme@infradead.org>
Date: Wed, 4 Nov 2009 15:32:20 -0200

> Em Wed, Nov 04, 2009 at 11:32:24AM -0500, Eric Paris escreveu:
>> Before calling capable(CAP_NET_RAW) check if this operations is on behalf
>> of the kernel or on behalf of userspace.  Do not do the security check if
>> it is on behalf of the kernel.
>> 
>> Signed-off-by: Eric Paris <eparis@redhat.com>
> 
> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>

Applied to net-next-2.6
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 365ae16..ff0233d 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -832,7 +832,7 @@  static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
 			sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
 		return -ESOCKTNOSUPPORT;
 
-	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
+	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
 		return -EPERM;
 
 	sock->ops = &l2cap_sock_ops;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 5c7e42c..7d12c6a 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -326,7 +326,7 @@  lookup_protocol:
 	}
 
 	err = -EPERM;
-	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
+	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
 		goto out_rcu_unlock;
 
 	err = -EAFNOSUPPORT;
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 45ed5e0..12e69d3 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -159,7 +159,7 @@  lookup_protocol:
 	}
 
 	err = -EPERM;
-	if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
+	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
 		goto out_rcu_unlock;
 
 	sock->ops = answer->ops;