[PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm

[RFC] tcp: setsockopt congestion control autoload · Stephen Hemminger <hidden> · 2006-10-25
Re: [RFC] tcp: setsockopt congestion control autoload · Patrick McHardy <hidden> · 2006-10-25
Re: [RFC] tcp: setsockopt congestion control autoload · Evgeniy Polyakov <hidden> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · Stephen Hemminger <hidden> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · Evgeniy Polyakov <hidden> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · Stephen Hemminger <hidden> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · Patrick McHardy <hidden> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · David Miller <davem@davemloft.net> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · John Heffner <hidden> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · David Miller <davem@davemloft.net> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · Hagen Paul Pfeifer <hidden> · 2006-10-26
Re: [RFC] tcp: setsockopt congestion control autoload · John Heffner <hidden> · 2006-10-26
[PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Hagen Paul Pfeifer <hidden> · 2006-10-26
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Ian McDonald <hidden> · 2006-10-26
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · David Miller <davem@davemloft.net> · 2006-10-27
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Ian McDonald <hidden> · 2006-10-27
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · David Miller <davem@davemloft.net> · 2006-10-27
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Hagen Paul Pfeifer <hidden> · 2006-10-27
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Stephen Hemminger <hidden> · 2006-10-27
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Hagen Paul Pfeifer <hidden> · 2006-10-27
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Stephen Hemminger <hidden> · 2006-10-27
[PATCH] tcp: don't allow unfair congestion control to be built without warning · Stephen Hemminger <hidden> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · John Heffner <hidden> · 2006-10-27
[PATCH] tcp: allow restricting congestion control choices · Stephen Hemminger <hidden> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · David Miller <davem@davemloft.net> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · Stephen Hemminger <hidden> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · David Miller <davem@davemloft.net> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · Stephen Hemminger <hidden> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · David Miller <davem@davemloft.net> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · Stephen Hemminger <hidden> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · David Miller <davem@davemloft.net> · 2006-10-27
Re: [PATCH] tcp: don't allow unfair congestion control to be built without warning · Stephen Hemminger <hidden> · 2006-10-28
[RFC] tcp: available congetsion control · Stephen Hemminger <hidden> · 2006-10-28
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · David Miller <davem@davemloft.net> · 2006-10-27
Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm · Stephen Hemminger <hidden> · 2006-10-27
[PATCH] tcp: setsockopt congestion control autoload · Stephen Hemminger <hidden> · 2006-10-27

STALE7168d

From: Hagen Paul Pfeifer <hidden>
Date: 2006-10-26 23:52:57
Subsystem: networking [general], networking [tcp], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Neal Cardwell, Linus Torvalds

Check if user has CAP_NET_ADMIN capability to change congestion control
algorithm.

Under normal circumstances a application programmer doesn't have enough
information to choose the "right" algorithm (expect he is the pchar/pathchar
maintainer). At 99.9% only the local host administrator has the knowledge to
select a proper standard, system-wide algorithm (the remaining 0.1% are
for testing purpose). If we let the user select an alternative algorithm we
introduce one potential weak spot - so we ban this eventuality.

HGN


Signed-off-by: Hagen Paul Pfeifer <redacted>

diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index af0aca1..c1ae2e9 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c

@@ -10,6 +10,7 @@ #include <linux/module.h>
 #include <linux/mm.h>
 #include <linux/types.h>
 #include <linux/list.h>
+#include <linux/capability.h>
 #include <net/tcp.h>

 static DEFINE_SPINLOCK(tcp_cong_list_lock);

@@ -151,6 +152,9 @@ int tcp_set_congestion_control(struct so
        struct tcp_congestion_ops *ca;
        int err = 0;

+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        rcu_read_lock();
        ca = tcp_ca_find(name);
        if (ca == icsk->icsk_ca_ops)

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help