diff options
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/dev.c | 8 | ||||
| -rw-r--r-- | net/core/scm.c | 10 |
2 files changed, 12 insertions, 6 deletions
diff --git a/net/core/dev.c b/net/core/dev.c index 9174c77d311..89912ae6de6 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
| @@ -2961,6 +2961,8 @@ static void dev_change_rx_flags(struct net_device *dev, int flags) | |||
| 2961 | static int __dev_set_promiscuity(struct net_device *dev, int inc) | 2961 | static int __dev_set_promiscuity(struct net_device *dev, int inc) |
| 2962 | { | 2962 | { |
| 2963 | unsigned short old_flags = dev->flags; | 2963 | unsigned short old_flags = dev->flags; |
| 2964 | uid_t uid; | ||
| 2965 | gid_t gid; | ||
| 2964 | 2966 | ||
| 2965 | ASSERT_RTNL(); | 2967 | ASSERT_RTNL(); |
| 2966 | 2968 | ||
| @@ -2985,15 +2987,17 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc) | |||
| 2985 | printk(KERN_INFO "device %s %s promiscuous mode\n", | 2987 | printk(KERN_INFO "device %s %s promiscuous mode\n", |
| 2986 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : | 2988 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : |
| 2987 | "left"); | 2989 | "left"); |
| 2988 | if (audit_enabled) | 2990 | if (audit_enabled) { |
| 2991 | current_uid_gid(&uid, &gid); | ||
| 2989 | audit_log(current->audit_context, GFP_ATOMIC, | 2992 | audit_log(current->audit_context, GFP_ATOMIC, |
| 2990 | AUDIT_ANOM_PROMISCUOUS, | 2993 | AUDIT_ANOM_PROMISCUOUS, |
| 2991 | "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", | 2994 | "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", |
| 2992 | dev->name, (dev->flags & IFF_PROMISC), | 2995 | dev->name, (dev->flags & IFF_PROMISC), |
| 2993 | (old_flags & IFF_PROMISC), | 2996 | (old_flags & IFF_PROMISC), |
| 2994 | audit_get_loginuid(current), | 2997 | audit_get_loginuid(current), |
| 2995 | current->uid, current->gid, | 2998 | uid, gid, |
| 2996 | audit_get_sessionid(current)); | 2999 | audit_get_sessionid(current)); |
| 3000 | } | ||
| 2997 | 3001 | ||
| 2998 | dev_change_rx_flags(dev, IFF_PROMISC); | 3002 | dev_change_rx_flags(dev, IFF_PROMISC); |
| 2999 | } | 3003 | } |
diff --git a/net/core/scm.c b/net/core/scm.c index b12303dd39d..b7ba91b074b 100644 --- a/net/core/scm.c +++ b/net/core/scm.c | |||
| @@ -44,11 +44,13 @@ | |||
| 44 | 44 | ||
| 45 | static __inline__ int scm_check_creds(struct ucred *creds) | 45 | static __inline__ int scm_check_creds(struct ucred *creds) |
| 46 | { | 46 | { |
| 47 | const struct cred *cred = current_cred(); | ||
| 48 | |||
| 47 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && | 49 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && |
| 48 | ((creds->uid == current->uid || creds->uid == current->euid || | 50 | ((creds->uid == cred->uid || creds->uid == cred->euid || |
| 49 | creds->uid == current->suid) || capable(CAP_SETUID)) && | 51 | creds->uid == cred->suid) || capable(CAP_SETUID)) && |
| 50 | ((creds->gid == current->gid || creds->gid == current->egid || | 52 | ((creds->gid == cred->gid || creds->gid == cred->egid || |
| 51 | creds->gid == current->sgid) || capable(CAP_SETGID))) { | 53 | creds->gid == cred->sgid) || capable(CAP_SETGID))) { |
| 52 | return 0; | 54 | return 0; |
| 53 | } | 55 | } |
| 54 | return -EPERM; | 56 | return -EPERM; |