diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-16 03:03:03 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-11-18 20:32:45 -0500 |
commit | 00f70de09c418bfb028d03f046e39c1d301db7b2 (patch) | |
tree | 64d7445491c57decffaf71df79e0671c8b7324b0 | |
parent | 86937c05cb44654649a089744cd49ab0dc6873a8 (diff) | |
download | op-kernel-dev-00f70de09c418bfb028d03f046e39c1d301db7b2.zip op-kernel-dev-00f70de09c418bfb028d03f046e39c1d301db7b2.tar.gz |
net: Allow userns root to force the scm creds
If the user calling sendmsg has the appropriate privieleges
in their user namespace allow them to set the uid, gid, and
pid in the SCM_CREDENTIALS control message to any valid value.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/core/scm.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/core/scm.c b/net/core/scm.c index ab57084..57fb1ee 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -51,11 +51,11 @@ static __inline__ int scm_check_creds(struct ucred *creds) if (!uid_valid(uid) || !gid_valid(gid)) return -EINVAL; - if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && + if ((creds->pid == task_tgid_vnr(current) || nsown_capable(CAP_SYS_ADMIN)) && ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || - uid_eq(uid, cred->suid)) || capable(CAP_SETUID)) && + uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || - gid_eq(gid, cred->sgid)) || capable(CAP_SETGID))) { + gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) { return 0; } return -EPERM; |