UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'check-CAP_NEW_RAW' 

Greg Kroah-Hartman says:

====================
Raw socket cleanups

Ori Nimron pointed out that there are a number of places in the kernel
where you can create a raw socket, without having to have the
CAP_NET_RAW permission.

To resolve this, here's a short patch series to test these odd and old
protocols for this permission before allowing the creation to succeed

All patches are currently against the net tree.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2019-09-24 16:37:18 +02:00
parent 3d66b89c30 3a359798b1
commit 0edc3f703f
5 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/isdn/mISDN/socket.c
View File

@ -754,6 +754,8 @@ base_sock_create(struct net *net, struct socket *sock, int protocol, int kern)
if (sock->type != SOCK_RAW)
return -ESOCKTNOSUPPORT;
if (!capable(CAP_NET_RAW))
return -EPERM;
sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto, kern);
if (!sk)

5
net/appletalk/ddp.c
View File

@ -1023,6 +1023,11 @@ static int atalk_create(struct net *net, struct socket *sock, int protocol,
*/
if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
goto out;
rc = -EPERM;
if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
goto out;
rc = -ENOMEM;
sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, kern);
if (!sk)

2
net/ax25/af_ax25.c
View File

@ -855,6 +855,8 @@ static int ax25_create(struct net *net, struct socket *sock, int protocol,
break;
case SOCK_RAW:
if (!capable(CAP_NET_RAW))
return -EPERM;
break;
default:
return -ESOCKTNOSUPPORT;

3
net/ieee802154/socket.c
View File

@ -1008,6 +1008,9 @@ static int ieee802154_create(struct net *net, struct socket *sock,
switch (sock->type) {
case SOCK_RAW:
rc = -EPERM;
if (!capable(CAP_NET_RAW))
goto out;
proto = &ieee802154_raw_prot;
ops = &ieee802154_raw_ops;
break;

7
net/nfc/llcp_sock.c
View File

@ -1004,10 +1004,13 @@ static int llcp_sock_create(struct net *net, struct socket *sock,
sock->type != SOCK_RAW)
return -ESOCKTNOSUPPORT;
if (sock->type == SOCK_RAW)
if (sock->type == SOCK_RAW) {
if (!capable(CAP_NET_RAW))
return -EPERM;
sock->ops = &llcp_rawsock_ops;
else
} else {
sock->ops = &llcp_sock_ops;
}
sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC, kern);
if (sk == NULL)