I think that all the ioctls in syncppp.c should be protected
by if(capable(CAP_NET_ADMIN)) the same way as the SPPPIOCDEBUG is
(in 2.1.127). One minor glitch in SPPPIOCDEBUG is that IMHO even
the clearing of the PP_DEBUG flag should be available for CAP_NET_ADMIN
only. Patch relative to 2.1.127 is attached.
-Yenya
--- /usr/src/linux/drivers/net/syncppp.c Sun Oct 18 00:33:45 1998
+++ syncppp.c Mon Nov 9 05:38:17 1998
@@ -862,21 +862,23 @@
switch(cmd)
{
case SPPPIOCCISCO:
+ if(!capable(CAP_NET_ADMIN))
+ return -EPERM;
sp->pp_flags|=PP_CISCO;
dev->type = ARPHRD_HDLC;
break;
case SPPPIOCPPP:
+ if(!capable(CAP_NET_ADMIN))
+ return -EPERM;
sp->pp_flags&=~PP_CISCO;
dev->type = ARPHRD_PPP;
break;
case SPPPIOCDEBUG:
+ if(!capable(CAP_NET_ADMIN))
+ return -EPERM;
sp->pp_flags&=~PP_DEBUG;
if(ifr->ifr_flags)
- {
- if(!capable(CAP_NET_ADMIN))
- return -EPERM;
sp->pp_flags|=PP_DEBUG;
- }
break;
default:
return -EINVAL;
-- \ Jan "Yenya" Kasprzak <kas at fi.muni.cz> http://www.fi.muni.cz/~kas/ \\ PGP: finger kas at aisa.fi.muni.cz 0D99A7FB206605D7 8B35FCDE05B18A5E // \\\ Czech Linux Homepage: http://www.linux.cz/ /// /// I think I'd rather be forced to learn perl than 68020 MMU. -Alan Cox \\\- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/