tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'check-CAP_NEW_RAW'
Greg Kroah-Hartman says:
====================
Raw socket cleanups
Ori Nimron pointed out that there are a number of places in the kernel
where you can create a raw socket, without having to have the
CAP_NET_RAW permission.
To resolve this, here's a short patch series to test these odd and old
protocols for this permission before allowing the creation to succeed
All patches are currently against the net tree.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
+17
-2
+2
drivers/isdn/mISDN/socket.c
+2
drivers/isdn/mISDN/socket.c
+5
net/appletalk/ddp.c
+5
net/appletalk/ddp.c
···
1023
1023
*/
1024
1024
if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
1025
1025
goto out;
1026
+
1027
+
rc = -EPERM;
1028
+
if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
1029
+
goto out;
1030
+
1026
1031
rc = -ENOMEM;
1027
1032
sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, kern);
1028
1033
if (!sk)
+2
net/ax25/af_ax25.c
+2
net/ax25/af_ax25.c
+3
net/ieee802154/socket.c
+3
net/ieee802154/socket.c
+5
-2
net/nfc/llcp_sock.c
+5
-2
net/nfc/llcp_sock.c
···
1004
1004
sock->type != SOCK_RAW)
1005
1005
return -ESOCKTNOSUPPORT;
1006
1006
1007
-
if (sock->type == SOCK_RAW)
1007
+
if (sock->type == SOCK_RAW) {
1008
+
if (!capable(CAP_NET_RAW))
1009
+
return -EPERM;
1008
1010
sock->ops = &llcp_rawsock_ops;
1009
-
else
1011
+
} else {
1010
1012
sock->ops = &llcp_sock_ops;
1013
+
}
1011
1014
1012
1015
sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC, kern);
1013
1016
if (sk == NULL)