Re: [PATCH] suser to capable changes in char driver

• Next message: Taco IJsselmuiden: "Re: [patch] O(1) scheduler, -H4 - 2.4.17 problems"
• Previous message: Ingo Molnar: "Re: [patch] O(1) scheduler, -H4 - 2.4.17 problems"
• In reply to: Alan Cox: "Re: [PATCH] suser to capable changes in char driver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 11 Jan 2002, Alan Cox wrote:

> Think so - thats what suser() itself did so it cant be worse 8)

Maybe we need more capabilities for finer grained privileges...
CAP_SYS_ADMIN is too powerful :)

So, again, the patch. Patch is made against 2.4.16.

diff -urN linux-2.4.16-vanilla/drivers/char/tty_io.c linux-2.4.16/drivers/char/tty_io.c
--- linux-2.4.16-vanilla/drivers/char/tty_io.c Sat Nov 3 02:26:17 2001
+++ linux-2.4.16/drivers/char/tty_io.c Fri Jan 11 06:24:16 2002
@@ -1377,7 +1377,7 @@
                 retval = -ENODEV;
         filp->f_flags = saved_flags;

- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
                 retval = -EBUSY;

         if (retval) {
@@ -1479,7 +1479,7 @@
 {
         char ch, mbz = 0;

- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
                 return -EPERM;
         if (get_user(ch, arg))
                 return -EFAULT;
@@ -1517,7 +1517,7 @@
 {
         if (inode->i_rdev == SYSCONS_DEV ||
             inode->i_rdev == CONSOLE_DEV) {
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
                         return -EPERM;
                 redirect = NULL;
                 return 0;
@@ -1559,7 +1559,7 @@
                  * This tty is already the controlling
                  * tty for another session group!
                  */
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
                         /*
                          * Steal it away
                          */
diff -urN linux-2.4.16-vanilla/drivers/char/vt.c linux-2.4.16/drivers/char/vt.c
--- linux-2.4.16-vanilla/drivers/char/vt.c Fri Nov 16 19:08:28 2001
+++ linux-2.4.16/drivers/char/vt.c Fri Jan 11 06:25:36 2002
@@ -440,10 +440,11 @@

         /*
          * To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or to have CAP_SYS_TTY_CONFIG
+ * capability.
          */
         perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
                 perm = 1;

         kbd = kbd_table + console;
@@ -1038,12 +1039,12 @@
                 return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);

         case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
                    return -EPERM;
                 vt_dont_switch = 1;
                 return 0;
         case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
                    return -EPERM;
                 vt_dont_switch = 0;
                 return 0;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Taco IJsselmuiden: "Re: [patch] O(1) scheduler, -H4 - 2.4.17 problems"
• Previous message: Ingo Molnar: "Re: [patch] O(1) scheduler, -H4 - 2.4.17 problems"
• In reply to: Alan Cox: "Re: [PATCH] suser to capable changes in char driver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Jan 15 2002 - 21:00:35 EST