diff options
| author | Matthias-Christian Ott <ott@mirix.org> | 2014-05-08 09:58:12 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2014-05-08 09:58:12 -0400 |
| commit | c568398aa05f852592d0e2b1dc893e6c5c14971c (patch) | |
| tree | 222b91790ea0dee106e90a9fa22839d7e116bc1a | |
| parent | da37503d37bb6ae72cca0b4d729c153f04b9f0cc (diff) | |
crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN
CRYPTO_USER requires CAP_NET_ADMIN for all operations. Most information
provided by CRYPTO_MSG_GETALG is also accessible through /proc/modules
and AF_ALG. CRYPTO_MSG_GETALG should not require CAP_NET_ADMIN so that
processes without CAP_NET_ADMIN can use CRYPTO_MSG_GETALG to get cipher
details, such as cipher priorities, for AF_ALG.
Signed-off-by: Matthias-Christian Ott <ott@mirix.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | crypto/crypto_user.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c index 1512e41cd93d..aa906b8fdd17 100644 --- a/crypto/crypto_user.c +++ b/crypto/crypto_user.c | |||
| @@ -265,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 265 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; | 265 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; |
| 266 | LIST_HEAD(list); | 266 | LIST_HEAD(list); |
| 267 | 267 | ||
| 268 | if (!capable(CAP_NET_ADMIN)) | ||
| 269 | return -EPERM; | ||
| 270 | |||
| 268 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) | 271 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) |
| 269 | return -EINVAL; | 272 | return -EINVAL; |
| 270 | 273 | ||
| @@ -295,6 +298,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 295 | struct crypto_alg *alg; | 298 | struct crypto_alg *alg; |
| 296 | struct crypto_user_alg *p = nlmsg_data(nlh); | 299 | struct crypto_user_alg *p = nlmsg_data(nlh); |
| 297 | 300 | ||
| 301 | if (!capable(CAP_NET_ADMIN)) | ||
| 302 | return -EPERM; | ||
| 303 | |||
| 298 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) | 304 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) |
| 299 | return -EINVAL; | 305 | return -EINVAL; |
| 300 | 306 | ||
| @@ -379,6 +385,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 379 | struct crypto_user_alg *p = nlmsg_data(nlh); | 385 | struct crypto_user_alg *p = nlmsg_data(nlh); |
| 380 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; | 386 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; |
| 381 | 387 | ||
| 388 | if (!capable(CAP_NET_ADMIN)) | ||
| 389 | return -EPERM; | ||
| 390 | |||
| 382 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) | 391 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) |
| 383 | return -EINVAL; | 392 | return -EINVAL; |
| 384 | 393 | ||
| @@ -466,9 +475,6 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 466 | type -= CRYPTO_MSG_BASE; | 475 | type -= CRYPTO_MSG_BASE; |
| 467 | link = &crypto_dispatch[type]; | 476 | link = &crypto_dispatch[type]; |
| 468 | 477 | ||
| 469 | if (!capable(CAP_NET_ADMIN)) | ||
| 470 | return -EPERM; | ||
| 471 | |||
| 472 | if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) && | 478 | if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) && |
| 473 | (nlh->nlmsg_flags & NLM_F_DUMP))) { | 479 | (nlh->nlmsg_flags & NLM_F_DUMP))) { |
| 474 | struct crypto_alg *alg; | 480 | struct crypto_alg *alg; |