ir245_af_ias.diff :
-----------------
o [CORRECT] Restrict write access to IAS database to ROOT. Users can
only write IAS object attached to their own socket. This avoid apps
polluting each other.
o [FEATURE] Empty IAS classname will refer to object attached to
present socket.
diff -u -p linux/net/irda/af_irda.d3.c linux/net/irda/af_irda.c
--- linux/net/irda/af_irda.d3.c Wed Nov 28 10:21:31 2001
+++ linux/net/irda/af_irda.c Wed Nov 28 14:13:43 2001
@@ -1845,15 +1845,36 @@ static int irda_setsockopt(struct socket
return -EFAULT;
}
- /* Find the object we target */
- ias_obj = irias_find_object(ias_opt->irda_class_name);
+ /* Find the object we target.
+ * If the user gives us an empty string, we use the object
+ * associated with this socket. This will workaround
+ * duplicated class name - Jean II */
+ if(ias_opt->irda_class_name[0] == '\0') {
+ if(self->ias_obj == NULL) {
+ kfree(ias_opt);
+ return -EINVAL;
+ }
+ ias_obj = self->ias_obj;
+ } else
+ ias_obj = irias_find_object(ias_opt->irda_class_name);
+
+ /* Only ROOT can mess with the global IAS database.
+ * Users can only add attributes to the object associated
+ * with the socket they own - Jean II */
+ if((!capable(CAP_NET_ADMIN)) &&
+ ((ias_obj == NULL) || (ias_obj != self->ias_obj))) {
+ kfree(ias_opt);
+ return -EPERM;
+ }
+
+ /* If the object doesn't exist, create it */
if(ias_obj == (struct ias_object *) NULL) {
/* Create a new object */
ias_obj = irias_new_object(ias_opt->irda_class_name,
jiffies);
}
- /* Do we have it already ? */
+ /* Do we have the attribute already ? */
if(irias_find_attrib(ias_obj, ias_opt->irda_attrib_name)) {
kfree(ias_opt);
return -EINVAL;
@@ -1927,13 +1948,28 @@ static int irda_setsockopt(struct socket
return -EFAULT;
}
- /* Find the object we target */
- ias_obj = irias_find_object(ias_opt->irda_class_name);
+ /* Find the object we target.
+ * If the user gives us an empty string, we use the object
+ * associated with this socket. This will workaround
+ * duplicated class name - Jean II */
+ if(ias_opt->irda_class_name[0] == '\0')
+ ias_obj = self->ias_obj;
+ else
+ ias_obj = irias_find_object(ias_opt->irda_class_name);
if(ias_obj == (struct ias_object *) NULL) {
kfree(ias_opt);
return -EINVAL;
}
+ /* Only ROOT can mess with the global IAS database.
+ * Users can only del attributes from the object associated
+ * with the socket they own - Jean II */
+ if((!capable(CAP_NET_ADMIN)) &&
+ ((ias_obj == NULL) || (ias_obj != self->ias_obj))) {
+ kfree(ias_opt);
+ return -EPERM;
+ }
+
/* Find the attribute (in the object) we target */
ias_attr = irias_find_attrib(ias_obj,
ias_opt->irda_attrib_name);
@@ -2166,8 +2202,14 @@ bed:
return -EFAULT;
}
- /* Find the object we target */
- ias_obj = irias_find_object(ias_opt->irda_class_name);
+ /* Find the object we target.
+ * If the user gives us an empty string, we use the object
+ * associated with this socket. This will workaround
+ * duplicated class name - Jean II */
+ if(ias_opt->irda_class_name[0] == '\0')
+ ias_obj = self->ias_obj;
+ else
+ ias_obj = irias_find_object(ias_opt->irda_class_name);
if(ias_obj == (struct ias_object *) NULL) {
kfree(ias_opt);
return -EINVAL;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Nov 30 2001 - 21:00:40 EST