[PATCH 5/8] dm/connector: Only process connector packages from privileged processes

[PATCH 0/8] SECURITY ISSUE with connector · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 1/8] connector: Keep the skb in cn_callback_data · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 2/8] connector: Provide the sender's credentials to the callback · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 3/8] connector/dm: Fixed a compilation warning · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 4/8] connector: Removed the destruct_data callback since it is always kfree_skb() · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 5/8] dm/connector: Only process connector packages from privileged processes · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 6/8] dst/connector: Disallow unpliviged users to configure dst · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 7/8] pohmelfs/connector: Disallow unpliviged users to configure pohmelfs · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
[PATCH 8/8] uvesafb/connector: Disallow unpliviged users to send netlink packets · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
Re: [PATCH 5/8] dm/connector: Only process connector packages from privileged processes · Jonathan Brassow <hidden> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · Greg KH <hidden> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · Philipp Reisner <philipp.reisner@linbit.com> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · Greg KH <hidden> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · David Miller <davem@davemloft.net> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · Lars Ellenberg <lars.ellenberg@linbit.com> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · David Miller <davem@davemloft.net> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · Greg KH <hidden> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · David Miller <davem@davemloft.net> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · Greg KH <hidden> · 2009-10-02
Re: [PATCH 0/8] SECURITY ISSUE with connector · Evgeniy Polyakov <hidden> · 2009-10-04
Re: [PATCH 0/8] SECURITY ISSUE with connector · Greg KH <hidden> · 2009-10-09

STALE6068d

From: Philipp Reisner <philipp.reisner@linbit.com>
Date: 2009-10-02 12:41:38
Also in: dm-devel, lkml, netdev
Subsystem: device-mapper (lvm), the rest · Maintainers: Alasdair Kergon, Mike Snitzer, Mikulas Patocka, Benjamin Marzinski, Linus Torvalds

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
---
 drivers/md/dm-log-userspace-transfer.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c
index 1327e1a..54abf9e 100644
--- a/drivers/md/dm-log-userspace-transfer.c
+++ b/drivers/md/dm-log-userspace-transfer.c

@@ -133,6 +133,9 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp)
 {
 	struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1);
 
+	if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+		return;
+
 	spin_lock(&receiving_list_lock);
 	if (msg->len == 0)
 		fill_pkg(msg, NULL);

-- 
1.6.0.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help