Re: Some patches for ppp_generic.c and proc/base.c
From: Jesper Juhl
Date: Thu May 19 2011 - 07:22:52 EST
On Thu, 19 May 2011, samsonov@xxxxxxxxx wrote:
> Good day!
> I mean that /proc file permission for process information must be
> secure:
>
I'm not going to comment on whether or not changing the mode is
appropriate, but there are a few other details I will comment on:
[...]
> --- ./linux-2.6.33.4.orig/drivers/net/ppp_generic.c 2010-05-13 02:04:27.000000000 +0400
> +++ ./linux-2.6.33.4/drivers/net/ppp_generic.c 2011-05-10 13:51:11.909607463 +0400
> @@ -366,8 +366,8 @@
> /*
> * This could (should?) be enforced by the permissions on /dev/ppp.
> */
> - if (!capable(CAP_NET_ADMIN))
> - return -EPERM;
> +// if (!capable(CAP_NET_ADMIN))
> +// return -EPERM;
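Review bot: Commenting out the capable(CAP_NET_ADMIN) test and its return -EPERM removes the only privilege check visible at this point, and nothing in the hunk replaces it. The comment kept above it says the restriction could be enforced by the permissions on /dev/ppp, but the patch does not show those permissions being set or documented, so access would depend entirely on how the device node is configured. If the check is really meant to go, delete the two lines instead of leaving them as // comments, update the comment that is left describing a check that is no longer there, and explain in the changelog why unprivileged callers are safe here. As a change unrelated to /proc modes it also belongs in its own patch.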
Don't just comment out lines. If they should go away, just remove them.
[...]
> --- ./linux-2.6.33.4.orig/fs/attr.c 2010-05-13 02:04:27.000000000 +0400
> +++ ./linux-2.6.33.4/fs/attr.c 2011-05-10 14:25:57.727062904 +0400
> @@ -35,11 +35,10 @@
>
> /* Make sure caller can chgrp. */
> if ((ia_valid & ATTR_GID) &&
> - (current_fsuid() != inode->i_uid ||
> - (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
> - !capable(CAP_CHOWN))
> + !(in_group_p(attr->ia_gid) && is_owner_or_cap(inode)))
> goto error;
>
> +
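Review bot: The rewritten chgrp condition is not equivalent to the one it replaces, in two places. The old test let the owner through when attr->ia_gid equalled inode->i_gid (gid unchanged) even without membership of that group, and let capable(CAP_CHOWN) override both the owner and the group tests. The new !(in_group_p(attr->ia_gid) && is_owner_or_cap(inode)) drops the unchanged-gid case and ANDs in_group_p() with the helper, so a caller who is not in the target group is refused whatever capability it holds, and the explicit CAP_CHOWN test disappears. Either keep the original structure, or state in the changelog which of these behaviour changes is intended and which capability is_owner_or_cap() is expected to check.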
Why are you adding an extra blank line here? Seems rather pointless.
--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.