Commit 0edc3f70 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'check-CAP_NEW_RAW' 



Greg Kroah-Hartman says:

====================
Raw socket cleanups

Ori Nimron pointed out that there are a number of places in the kernel
where you can create a raw socket, without having to have the
CAP_NET_RAW permission.

To resolve this, here's a short patch series to test these odd and old
protocols for this permission before allowing the creation to succeed

All patches are currently against the net tree.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 3d66b89c 3a359798

drivers/isdn/mISDN/socket.c

+2 −0
Original line number Diff line number Diff line
@@ -754,6 +754,8 @@ base_sock_create(struct net *net, struct socket *sock, int protocol, int kern) 


	if (sock->type != SOCK_RAW)

		return -ESOCKTNOSUPPORT;

	if (!capable(CAP_NET_RAW))

		return -EPERM;



	sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto, kern);

	if (!sk)

net/appletalk/ddp.c

+5 −0
Original line number Diff line number Diff line
@@ -1023,6 +1023,11 @@ static int atalk_create(struct net *net, struct socket *sock, int protocol, 
	 */

	if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)

		goto out;



	rc = -EPERM;

	if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))

		goto out;



	rc = -ENOMEM;

	sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, kern);

	if (!sk)

net/ax25/af_ax25.c

+2 −0
Original line number Diff line number Diff line
@@ -855,6 +855,8 @@ static int ax25_create(struct net *net, struct socket *sock, int protocol, 
		break;



	case SOCK_RAW:

		if (!capable(CAP_NET_RAW))

			return -EPERM;

		break;

	default:

		return -ESOCKTNOSUPPORT;

net/ieee802154/socket.c

+3 −0
Original line number Diff line number Diff line
@@ -1008,6 +1008,9 @@ static int ieee802154_create(struct net *net, struct socket *sock, 


	switch (sock->type) {

	case SOCK_RAW:

		rc = -EPERM;

		if (!capable(CAP_NET_RAW))

			goto out;

		proto = &ieee802154_raw_prot;

		ops = &ieee802154_raw_ops;

		break;

net/nfc/llcp_sock.c

+5 −2
Original line number Diff line number Diff line
@@ -1004,10 +1004,13 @@ static int llcp_sock_create(struct net *net, struct socket *sock, 
	    sock->type != SOCK_RAW)

		return -ESOCKTNOSUPPORT;



	if (sock->type == SOCK_RAW)

	if (sock->type == SOCK_RAW) {

		if (!capable(CAP_NET_RAW))

			return -EPERM;

		sock->ops = &llcp_rawsock_ops;

	else

	} else {

		sock->ops = &llcp_sock_ops;

	}



	sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC, kern);

	if (sk == NULL)