tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

wan: Missing capability checks in sbni_ioctl()

There are missing capability checks in the following code:

1300 static int
1301 sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd)
1302 {
[...]
1319 case SIOCDEVRESINSTATS :
1320 if( current->euid != 0 ) /* root only */
1321 return -EPERM;
[...]
1336 case SIOCDEVSHWSTATE :
1337 if( current->euid != 0 ) /* root only */
1338 return -EPERM;
[...]
1357 case SIOCDEVENSLAVE :
1358 if( current->euid != 0 ) /* root only */
1359 return -EPERM;
[...]
1372 case SIOCDEVEMANSIPATE :
1373 if( current->euid != 0 ) /* root only */
1374 return -EPERM;

Here's my proposed fix:

Missing capability checks.

Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Eugene Teo and committed by David S. Miller f2455eb1 6c36810a

+4 -4
unified split
+4 -4
drivers/net/wan/sbni.c
··· 1317 break; 1318 1319 case SIOCDEVRESINSTATS : 1320 - if( current->euid != 0 ) /* root only */ 1321 return -EPERM; 1322 memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) ); 1323 break; ··· 1334 break; 1335 1336 case SIOCDEVSHWSTATE : 1337 - if( current->euid != 0 ) /* root only */ 1338 return -EPERM; 1339 1340 spin_lock( &nl->lock ); ··· 1355 #ifdef CONFIG_SBNI_MULTILINE 1356 1357 case SIOCDEVENSLAVE : 1358 - if( current->euid != 0 ) /* root only */ 1359 return -EPERM; 1360 1361 if (copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name )) ··· 1370 return enslave( dev, slave_dev ); 1371 1372 case SIOCDEVEMANSIPATE : 1373 - if( current->euid != 0 ) /* root only */ 1374 return -EPERM; 1375 1376 return emancipate( dev );
··· 1317 break; 1318 1319 case SIOCDEVRESINSTATS : 1320 + if (!capable(CAP_NET_ADMIN)) 1321 return -EPERM; 1322 memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) ); 1323 break; ··· 1334 break; 1335 1336 case SIOCDEVSHWSTATE : 1337 + if (!capable(CAP_NET_ADMIN)) 1338 return -EPERM; 1339 1340 spin_lock( &nl->lock ); ··· 1355 #ifdef CONFIG_SBNI_MULTILINE 1356 1357 case SIOCDEVENSLAVE : 1358 + if (!capable(CAP_NET_ADMIN)) 1359 return -EPERM; 1360 1361 if (copy_from_user( slave_name, ifr->ifr_data, sizeof slave_name )) ··· 1370 return enslave( dev, slave_dev ); 1371 1372 case SIOCDEVEMANSIPATE : 1373 + if (!capable(CAP_NET_ADMIN)) 1374 return -EPERM; 1375 1376 return emancipate( dev );