aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-03-27 23:28:10 -0400
committerDavid S. Miller <davem@davemloft.net>2008-03-27 23:28:10 -0400
commit3480c63bdf008e9289aab94418f43b9592978fff (patch)
tree14a355d650dc467e105fe00bc62a3599e890bc50 /net
parent349fb2d6492e7d644bc8e670ba11d764a3e2901b (diff)
[LLC]: Restrict LLC sockets to root
LLC currently allows users to inject raw frames, including IP packets encapsulated in SNAP. While Linux doesn't handle IP over SNAP, other systems do. Restrict LLC sockets to root similar to packet sockets. [ Modified Patrick's patch to use CAP_NEW_RAW --DaveM ] Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/llc/af_llc.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 46cf962f7f88..8c50eb430c19 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -155,6 +155,9 @@ static int llc_ui_create(struct net *net, struct socket *sock, int protocol)
155 struct sock *sk; 155 struct sock *sk;
156 int rc = -ESOCKTNOSUPPORT; 156 int rc = -ESOCKTNOSUPPORT;
157 157
158 if (!capable(CAP_NET_RAW))
159 return -EPERM;
160
158 if (net != &init_net) 161 if (net != &init_net)
159 return -EAFNOSUPPORT; 162 return -EAFNOSUPPORT;
160 163