Re: [PATCH 1/2] misc: nsm: require CAP_SYS_ADMIN for raw ioctl

From: Graf (AWS), Alexander

Date: Sun Jun 21 2026 - 05:33:45 EST



On 21.06.26 10:57, Vu Nguyen Anh Khoa wrote:
> NSM_IOCTL_RAW lets userspace submit raw NSM messages. The UAPI
> documents this ioctl as available only with CAP_SYS_ADMIN, but /dev/nsm
> is registered with mode 0666 and nsm_dev_ioctl() does not enforce that
> restriction.
>
> Reject unprivileged raw ioctl requests before accepting user-controlled
> NSM messages.
>
> Signed-off-by: Vu Nguyen Anh Khoa <khoavna.tin.2225@xxxxxxxxx>


This must have fallen through the cracks when I juggled with the
different versions during initial submission. Nice catch!

Reviewed-by: Alexander Graf <graf@xxxxxxxxxx>


Alex


