diff options
author | Eugene Teo <eugeneteo@kernel.sg> | 2008-08-27 07:50:30 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-08-27 07:50:30 -0400 |
commit | f2455eb176ac87081bbfc9a44b21c7cd2bc1967e (patch) | |
tree | 63874579df35e6938faa973f476a4fe803f5282c | |
parent | 6c36810a731a422535d838cdb440f332c1d91017 (diff) |
wan: Missing capability checks in sbni_ioctl()
There are missing capability checks in the following code:
1300 static int
1301 sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd)
1302 {
[...]
1319 case SIOCDEVRESINSTATS :
1320 if( current->euid != 0 ) /* root only */
1321 return -EPERM;
[...]
1336 case SIOCDEVSHWSTATE :
1337 if( current->euid != 0 ) /* root only */
1338 return -EPERM;
[...]
1357 case SIOCDEVENSLAVE :
1358 if( current->euid != 0 ) /* root only */
1359 return -EPERM;
[...]
1372 case SIOCDEVEMANSIPATE :
1373 if( current->euid != 0 ) /* root only */
1374 return -EPERM;
Here's my proposed fix:
Missing capability checks.
Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/wan/sbni.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/net/wan/sbni.c b/drivers/net/wan/sbni.c index e59255a155a9..6596cd0742b9 100644 --- a/drivers/net/wan/sbni.c +++ b/drivers/net/wan/sbni.c | |||
@@ -1317,7 +1317,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd ) | |||
1317 | break; | 1317 | break; |
1318 | 1318 | ||
1319 | case SIOCDEVRESINSTATS : | 1319 | case SIOCDEVRESINSTATS : |
1320 | if( current->euid != 0 ) /* root only */ | 1320 | if (!capable(CAP_NET_ADMIN)) |
1321 | return -EPERM; | 1321 | return -EPERM; |
1322 | memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) ); | 1322 | memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) ); |
1323 | break; | 1323 | break; |
@@ -1334,7 +1334,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd ) | |||
1334 | break; | 1334 | break; |
1335 | 1335 | ||
1336 | case SIOCDEVSHWSTATE : | 1336 | case SIOCDEVSHWSTATE : |
1337 | if( current->euid != 0 ) /* root only */ | 1337 | if (!capable(CAP_NET_ADMIN)) |
1338 | return -EPERM; | 1338 | return -EPERM; |
1339 | 1339 | ||
1340 | spin_lock( &nl->lock ); | 1340 | spin_lock( &nl->lock ); |
@@ -1355,7 +1355,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd ) | |||
1355 | #ifdef CONFIG_SBNI_MULTILINE | 1355 | #ifdef CONFIG_SBNI_MULTILINE |
1356 | 1356 | ||
1357 | case SIOCDEVENSLAVE : | 1357 | case SIOCDEVENSLAVE : |
1358 | if( current->euid != 0 ) /* root only */ | 1358 | if (!capable(CAP_NET_ADMIN)) |
1359 | return -EPERM; | 1359 | return -EPERM; |
1360 | 1360 | ||
1361 | if (copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name )) | 1361 | if (copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name )) |
@@ -1370,7 +1370,7 @@ sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd ) | |||
1370 | return enslave( dev, slave_dev ); | 1370 | return enslave( dev, slave_dev ); |
1371 | 1371 | ||
1372 | case SIOCDEVEMANSIPATE : | 1372 | case SIOCDEVEMANSIPATE : |
1373 | if( current->euid != 0 ) /* root only */ | 1373 | if (!capable(CAP_NET_ADMIN)) |
1374 | return -EPERM; | 1374 | return -EPERM; |
1375 | 1375 | ||
1376 | return emancipate( dev ); | 1376 | return emancipate( dev ); |