> didn't check for capable(CAP_NET_ADMIN) in its ->do_ioctl method,
> letting unprivledged users change the network's configuration.
> Since I just completed a similar audit on the atm drivers (which
Eep most of these are in 2.2.x as well
> Need I say more? Dag - could you look at this. At least
> drivers/net/irda/{irport.c,irtty.c,nsc-ircc.c,toshoboe.c,w83977af_ir.c}
Nod. Dag ?
> * hamradio/{baycomm_epp.c,hdlcdrv.c}...
> In general the hamradio drivers look pretty good, but both baycomm_epp.c
> and hdlcdrv.c allow setting "calibrate" via the HDLCDRVCTL_CALIBRATE
> sub-ioctl without any permission. It looks to me like that could at
> least be used for possible DoS - Thomas, what's your call?
Fixed here. I've also tidied up the permission reports on those two drivers
to report -EPERM and use CAP_NET_ADMIN
> pcmcia/{netwave_cs.c,wavelan_cs.c} --
> The higher-layer wireless extensions prevent unprivledged users
> Also pcmcia/wavelan_cs.c should protect against SIOCSIPROAM.
netwave_cs is hopelessly broken. It is doing copy_*_user with interrupts
disabled. Will someone stand up and fix it 8)
> I can't say that this patch is tested, but my kernel compiles no worse
> with it in.
Ok I've done all but the irda ones for 2.2.x
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Mar 07 2000 - 21:00:24 EST