the current netlink_send in dummy.c actually uses capabilities. this is not the end of the world, but is a bit of a hack. admittedly, this is just another hack ;-) but i'd say it's closer to the dummy charter (superuser permsisions). since we do not have a blob in netlink_skb_parms (we've talked about this a few times), we can steal the eff_cap for dummy's needs. thoughts/flames? -chris
===== security/dummy.c 1.8 vs edited =====
--- 1.8/security/dummy.c Tue Oct 30 09:06:24 2001
+++ edited/security/dummy.c Wed Oct 31 17:27:18 2001
@@ -134,16 +134,14 @@

 static int dummy_netlink_send (struct sk_buff *skb)
 {
- if (current->euid == 0)
- cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
- else
- NETLINK_CB (skb).eff_cap = 0;
+ NETLINK_CB(skb).eff_cap = current->euid;
 return 0;
 }

 static int dummy_netlink_recv (struct sk_buff *skb)
 {
- if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ /* need stored euid to be 0 */
+ if (NETLINK_CB(skb).eff_cap)
 return -EPERM;
 return 0;
 }
===== security/nproc_plug.c 1.4 vs edited =====
--- 1.4/security/nproc_plug.c Wed Oct 31 09:39:52 2001
+++ edited/security/nproc_plug.c Wed Oct 31 17:27:33 2001
@@ -147,17 +147,15 @@
 static int nproc_netlink_send (struct sk_buff *skb)
 {
 /* from dummy.c */
- if (current->euid == 0)
- cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
- else
- NETLINK_CB (skb).eff_cap = 0;
+ NETLINK_CB(skb).eff_cap = current->euid;
 return 0;
 }

 static int nproc_netlink_recv (struct sk_buff *skb)
 {
 /* from dummy.c */
- if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
+ /* need stored euid to be 0 */
+ if (NETLINK_CB(skb).eff_cap)
 return -EPERM;
 return 0;
 }
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
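Review bot: The new check in `dummy_netlink_recv` treats `eff_cap == 0` as "sender was root", which inverts the old default: a control block whose `eff_cap` was never stamped by the send hook (zero-initialised, if that can happen on any path into recv) used to be refused and would now be accepted. Keeping zero as the deny value preserves the fail-closed behaviour without going back to capabilities, e.g. `NETLINK_CB(skb).eff_cap = (current->euid == 0);` in send and `if (!NETLINK_CB(skb).eff_cap) return -EPERM;` in recv. Storing a raw euid in a field typed as a capability set also means any reader that still applies `cap_raised()` to it, such as another module's recv hook or a module registered between send and recv, would interpret uid bits as capabilities, so both sites deserve a comment like `/* eff_cap carries a root flag here, not a capability set */`. The same pair of changes appears in `nproc_netlink_send` and `nproc_netlink_recv` in security/nproc_plug.c.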