Author: mpagano |
Date: 2008-10-10 23:52:30 +0000 (Fri, 10 Oct 2008) |
New Revision: 1348 |
|
Added: |
genpatches-2.6/trunk/2.6.26/1502_wan-sbni_ioctl-add-missing-capability-checks.patch |
Modified: |
genpatches-2.6/trunk/2.6.26/0000_README |
Log: |
Include security patch which adds missing capability checks in drivers/net/wan/sbni.c -> sbni_ioctl() |
|
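--- a/genpatches-2.6/trunk/2.6.26/0000_README
+++ b/genpatches-2.6/trunk/2.6.26/0000_README
@@ -63,6 +63,10 @@
 From: http://www.kernel.org
 Desc: Linux 2.6.26.6
 
+Patch: 1502_wan-sbni_ioctl-add-missing-capability-checks.patch
+From: http://www.kernel.org
+Desc: Adds missing capability checks in drivers/net/wan/sbni.c -> sbni_ioctl()
+
 Patch: 1900_UTC-timestamp-option.patch
 From: http://bugs.gentoo.org/233307
 Desc: Fix to add UTC timestamp option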
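--- a/genpatches-2.6/trunk/2.6.26/1502_wan-sbni_ioctl-add-missing-capability-checks.patch
+++ b/genpatches-2.6/trunk/2.6.26/1502_wan-sbni_ioctl-add-missing-capability-checks.patch
@@ -0,0 +1,79 @@
+From: Eugene Teo <eugeneteo@××××××.sg>
+Date: Wed, 27 Aug 2008 11:50:30 +0000 (-0700)
+Subject: wan: Missing capability checks in sbni_ioctl()
+X-Git-Tag: v2.6.27-rc5~8^2~2
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e
+
+wan: Missing capability checks in sbni_ioctl()
+
+There are missing capability checks in the following code:
+
+1300 static int
+1301 sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd)
+1302 {
+[...]
+1319 case SIOCDEVRESINSTATS :
+1320 if( current->euid != 0 ) /* root only */
+1321 return -EPERM;
+[...]
+1336 case SIOCDEVSHWSTATE :
+1337 if( current->euid != 0 ) /* root only */
+1338 return -EPERM;
+[...]
+1357 case SIOCDEVENSLAVE :
+1358 if( current->euid != 0 ) /* root only */
+1359 return -EPERM;
+[...]
+1372 case SIOCDEVEMANSIPATE :
+1373 if( current->euid != 0 ) /* root only */
+1374 return -EPERM;
+
+Here's my proposed fix:
+
+Missing capability checks.
+
+Signed-off-by: Eugene Teo <eugeneteo@××××××.sg>
+Signed-off-by: David S. Miller <davem@×××××××××.net>
+---
+
+diff --git a/drivers/net/wan/sbni.c b/drivers/net/wan/sbni.c
+index e59255a..6596cd0 100644
+--- a/drivers/net/wan/sbni.c
++++ b/drivers/net/wan/sbni.c
+@@ -1317,7 +1317,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
+ break;
+
+ case SIOCDEVRESINSTATS :
+- if( current->euid != 0 ) /* root only */
++ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+ memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) );
+ break;
+@@ -1334,7 +1334,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
+ break;
+
+ case SIOCDEVSHWSTATE :
+- if( current->euid != 0 ) /* root only */
++ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
+ spin_lock( &nl->lock );
+@@ -1355,7 +1355,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
+ #ifdef CONFIG_SBNI_MULTILINE
+
+ case SIOCDEVENSLAVE :
+- if( current->euid != 0 ) /* root only */
++ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
+ if (copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name ))
+@@ -1370,7 +1370,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd )
+ return enslave( dev, slave_dev );
+
+ case SIOCDEVEMANSIPATE :
+- if( current->euid != 0 ) /* root only */
++ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
+ return emancipate( dev );
+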
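Review bot: In the SIOCDEVENSLAVE case, `copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name )` fills the whole buffer from user memory, and nothing visible in the hunk guarantees a terminating NUL before the name is used. The code that consumes slave_name sits between this hunk and the next one, outside the view, so this needs checking against the full sbni_ioctl(); if no terminator is set there, add `slave_name[sizeof slave_name - 1] = '\0';` directly after the copy. The new `capable(CAP_NET_ADMIN)` test narrows who can reach this path but does not bound how the string is later read. The four rewritten checks also lose their `/* root only */` comment without a replacement; something like `/* requires CAP_NET_ADMIN; euid 0 alone is not sufficient */` would record why the test changed.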