diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2014-04-23 14:26:25 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-06-26 15:12:37 -0400 |
| commit | f0efa2954c20ab833bf99acba0a0817f1deee9e0 (patch) | |
| tree | 054fd0e3086f1b82edb9048dd091748c5ac94aeb /net/core | |
| parent | d806b7310e479239441cebdd3fdcdacdb4208db3 (diff) | |
net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump
[ Upstream commit a53b72c83a4216f2eb883ed45a0cbce014b8e62d ]
The permission check in sock_diag_put_filterinfo is wrong, and it is so removed
from it's sources it is not clear why it is wrong. Move the computation
into packet_diag_dump and pass a bool of the result into sock_diag_filterinfo.
This does not yet correct the capability check but instead simply moves it to make
it clear what is going on.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/sock_diag.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c index 6a7fae228634..c38e7a2b5a8e 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -49,7 +49,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype) } EXPORT_SYMBOL_GPL(sock_diag_put_meminfo); -int sock_diag_put_filterinfo(struct sock *sk, +int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk, struct sk_buff *skb, int attrtype) { struct nlattr *attr; @@ -57,7 +57,7 @@ int sock_diag_put_filterinfo(struct sock *sk, unsigned int len; int err = 0; - if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { + if (!may_report_filterinfo) { nla_reserve(skb, attrtype, 0); return 0; } |