Gentoo Archives: gentoo-commits

From: "Mike Pagano (mpagano)" <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] linux-patches r1348 - genpatches-2.6/trunk/2.6.26
Date: Fri, 10 Oct 2008 23:52:34
Message-Id: E1KoRmZ-0001FR-7H@stork.gentoo.org
1 Author: mpagano
2 Date: 2008-10-10 23:52:30 +0000 (Fri, 10 Oct 2008)
3 New Revision: 1348
4
5 Added:
6 genpatches-2.6/trunk/2.6.26/1502_wan-sbni_ioctl-add-missing-capability-checks.patch
7 Modified:
8 genpatches-2.6/trunk/2.6.26/0000_README
9 Log:
10 Include security patch which adds missing capability checks in drivers/net/wan/sbni.c -> sbni_ioctl()
11
12 Modified: genpatches-2.6/trunk/2.6.26/0000_README
13 ===================================================================
14 --- genpatches-2.6/trunk/2.6.26/0000_README 2008-10-10 23:49:37 UTC (rev 1347)
15 +++ genpatches-2.6/trunk/2.6.26/0000_README 2008-10-10 23:52:30 UTC (rev 1348)
16 @@ -63,6 +63,10 @@
17 From: http://www.kernel.org
18 Desc: Linux 2.6.26.6
19
20 +Patch: 1502_wan-sbni_ioctl-add-missing-capability-checks.patch
21 +From: http://www.kernel.org
22 +Desc: Adds missing capability checks in drivers/net/wan/sbni.c -> sbni_ioctl()
23 +
24 Patch: 1900_UTC-timestamp-option.patch
25 From: http://bugs.gentoo.org/233307
26 Desc: Fix to add UTC timestamp option
27
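Review bot: The `From:` field of the new 0000_README entry gives only http://www.kernel.org, which does not let a reader locate the upstream change. The patch file added in this same revision carries an X-Git-Url header naming commit f2455eb176ac87081bbfc9a44b21c7cd2bc1967e, so the entry could cite that commit instead. The Log line calls this a security patch, and the `Desc:` text could say so as well, so that the README records why the patch is carried.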
28 Added: genpatches-2.6/trunk/2.6.26/1502_wan-sbni_ioctl-add-missing-capability-checks.patch
29 ===================================================================
30 --- genpatches-2.6/trunk/2.6.26/1502_wan-sbni_ioctl-add-missing-capability-checks.patch (rev 0)
31 +++ genpatches-2.6/trunk/2.6.26/1502_wan-sbni_ioctl-add-missing-capability-checks.patch 2008-10-10 23:52:30 UTC (rev 1348)
32 @@ -0,0 +1,79 @@
33 +From: Eugene Teo <eugeneteo@××××××.sg>
34 +Date: Wed, 27 Aug 2008 11:50:30 +0000 (-0700)
35 +Subject: wan: Missing capability checks in sbni_ioctl()
36 +X-Git-Tag: v2.6.27-rc5~8^2~2
37 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e
38 +
39 +wan: Missing capability checks in sbni_ioctl()
40 +
41 +There are missing capability checks in the following code:
42 +
43 +1300 static int
44 +1301 sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd)
45 +1302 {
46 +[...]
47 +1319 case SIOCDEVRESINSTATS :
48 +1320 if( current->euid != 0 ) /* root only */
49 +1321 return -EPERM;
50 +[...]
51 +1336 case SIOCDEVSHWSTATE :
52 +1337 if( current->euid != 0 ) /* root only */
53 +1338 return -EPERM;
54 +[...]
55 +1357 case SIOCDEVENSLAVE :
56 +1358 if( current->euid != 0 ) /* root only */
57 +1359 return -EPERM;
58 +[...]
59 +1372 case SIOCDEVEMANSIPATE :
60 +1373 if( current->euid != 0 ) /* root only */
61 +1374 return -EPERM;
62 +
63 +Here's my proposed fix:
64 +
65 +Missing capability checks.
66 +
67 +Signed-off-by: Eugene Teo <eugeneteo@××××××.sg>
68 +Signed-off-by: David S. Miller <davem@×××××××××.net>
69 +---
70 +
71 +diff --git a/drivers/net/wan/sbni.c b/drivers/net/wan/sbni.c
72 +index e59255a..6596cd0 100644
73 +--- a/drivers/net/wan/sbni.c
74 ++++ b/drivers/net/wan/sbni.c
75 +@@ -1317,7 +1317,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
76 + break;
77 +
78 + case SIOCDEVRESINSTATS :
79 +- if( current->euid != 0 ) /* root only */
80 ++ if (!capable(CAP_NET_ADMIN))
81 + return -EPERM;
82 + memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) );
83 + break;
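Review bot: The commit message says only "Missing capability checks." and does not state why the `current->euid != 0` test replaced in `case SIOCDEVRESINSTATS` (and in the three cases that follow) is inadequate. A sentence of rationale would help: the euid test ignores the capability model, so a process running with euid 0 that has dropped CAP_NET_ADMIN still passes it, while `capable(CAP_NET_ADMIN)` ties the operation to the privilege that governs network configuration. Dropping the `/* root only */` comment is right, since it no longer describes the check.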
84 +@@ -1334,7 +1334,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
85 + break;
86 +
87 + case SIOCDEVSHWSTATE :
88 +- if( current->euid != 0 ) /* root only */
89 ++ if (!capable(CAP_NET_ADMIN))
90 + return -EPERM;
91 +
92 + spin_lock( &nl->lock );
93 +@@ -1355,7 +1355,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
94 + #ifdef CONFIG_SBNI_MULTILINE
95 +
96 + case SIOCDEVENSLAVE :
97 +- if( current->euid != 0 ) /* root only */
98 ++ if (!capable(CAP_NET_ADMIN))
99 + return -EPERM;
100 +
101 + if (copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name ))
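Review bot: `case SIOCDEVENSLAVE` sits under `#ifdef CONFIG_SBNI_MULTILINE`, so the new check here is compiled only when that option is set; the change should be build-tested with CONFIG_SBNI_MULTILINE enabled as well as disabled. The placement is right: the capability check runs before `copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name )`, so an unprivileged caller is refused before any user data is read. That copy fills the whole of slave_name from user space, and the context shown here does not show the buffer being NUL-terminated before it is used; that is worth confirming in the surrounding code, although it is outside the scope of this patch.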
102 +@@ -1370,7 +1370,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
103 + return enslave( dev, slave_dev );
104 +
105 + case SIOCDEVEMANSIPATE :
106 +- if( current->euid != 0 ) /* root only */
107 ++ if (!capable(CAP_NET_ADMIN))
108 + return -EPERM;
109 +
110 + return emancipate( dev );
111 +