GitHub-Mirror/linux-bl808
2
0
Fork 0
mirror of https://github.com/Fishwaldo/linux-bl808.git synced 2025-06-17 20:25:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

net: Fix ns_capable check in sock_diag_put_filterinfo

Browse source 
The caller needs capabilities on the namespace being queried, not on
their own namespace.  This is a security bug, although it likely has
only a minor impact.

Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Andrew Lutomirski 2014-04-16 21:41:34 -07:00 committed by David S. Miller
parent b0bda38532
commit 78541c1dc6
3 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
include/linux/sock_diag.h
View file

@ -23,7 +23,7 @@ int sock_diag_check_cookie(void *sk, __u32 *cookie);
void sock_diag_save_cookie(void *sk, __u32 *cookie);
int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attr);
int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk,
int sock_diag_put_filterinfo(struct sock *sk,
struct sk_buff *skb, int attrtype);
#endif