OSDN > Finden Software > Linux Kernel Documents > SCM > git > linux-2.4.36 > Commit

Linux Kernel Documents
Fork
linux-2.6
linux-2.4.36

R/O
HTTP
SSH
HTTPS

linux-2.4.36: Commit

2.4.36-stable kernel tree

Commit MetaInfo

Revision	a0fd3c2997c6de7a260e8ace81568a35fbf5f771 (tree)
Zeit	2008-09-06 20:35:24
Autor	Eugene Teo <eugeneteo@kern...>
Commiter	Willy Tarreau

Log Message

wan: Missing capability checks in sbni_ioctl() (CVE-2008-3525)

[backport of 2.6 commit f2455eb176ac87081bbfc9a44b21c7cd2bc1967e]

There are missing capability checks in the following code:

1300 static int
1301 sbni_ioctl( struct net_device *dev, struct ifreq *ifr, int cmd)
1302 {
[...]
1319 case SIOCDEVRESINSTATS :
1320 if( current->euid != 0 ) /* root only */
1321 return -EPERM;
[...]
1336 case SIOCDEVSHWSTATE :
1337 if( current->euid != 0 ) /* root only */
1338 return -EPERM;
[...]
1357 case SIOCDEVENSLAVE :
1358 if( current->euid != 0 ) /* root only */
1359 return -EPERM;
[...]
1372 case SIOCDEVEMANSIPATE :
1373 if( current->euid != 0 ) /* root only */
1374 return -EPERM;

Here's my proposed fix:

Missing capability checks.

Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>

Ändern Zusammenfassung

modified: drivers/net/wan/sbni.c (diff)

Diff

--- a/drivers/net/wan/sbni.c

+++ b/drivers/net/wan/sbni.c

		@@ -1297,7 +1297,7 @@ sbni_ioctl( struct net_device dev, struct ifreq ifr, int cmd )
1297	1297	break;
1298	1298
1299	1299	case SIOCDEVRESINSTATS :
1300		- if( current->euid != 0 ) /* root only */
	1300	+ if (!capable(CAP_NET_ADMIN)) /* root only */
1301	1301	return -EPERM;
1302	1302	memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) );
1303	1303	break;

		@@ -1316,7 +1316,7 @@ sbni_ioctl( struct net_device dev, struct ifreq ifr, int cmd )
1316	1316	break;
1317	1317
1318	1318	case SIOCDEVSHWSTATE :
1319		- if( current->euid != 0 ) /* root only */
	1319	+ if (!capable(CAP_NET_ADMIN)) /* root only */
1320	1320	return -EPERM;
1321	1321
1322	1322	spin_lock( &nl->lock );

		@@ -1337,7 +1337,7 @@ sbni_ioctl( struct net_device dev, struct ifreq ifr, int cmd )
1337	1337	#ifdef CONFIG_SBNI_MULTILINE
1338	1338
1339	1339	case SIOCDEVENSLAVE :
1340		- if( current->euid != 0 ) /* root only */
	1340	+ if (!capable(CAP_NET_ADMIN)) /* root only */
1341	1341	return -EPERM;
1342	1342
1343	1343	if( (error = verify_area( VERIFY_READ, ifr->ifr_data,

		@@ -1355,7 +1355,7 @@ sbni_ioctl( struct net_device dev, struct ifreq ifr, int cmd )
1355	1355	return enslave( dev, slave_dev );
1356	1356
1357	1357	case SIOCDEVEMANSIPATE :
1358		- if( current->euid != 0 ) /* root only */
	1358	+ if (!capable(CAP_NET_ADMIN)) /* root only */
1359	1359	return -EPERM;
1360	1360
1361	1361	return emancipate( dev );

Show on old repository browser