1. 08 Oct 2013, 1 commit
    • net: Update the sysctl permissions handler to test effective uid/gid · 88ba09df
      Eric W. Biederman committed
      On Tue, 20 Aug 2013 11:40:04 -0500 Eric Sandeen <sandeen@redhat.com> wrote:
      > This was brought up in a Red Hat bug (which may be marked private, I'm sorry):
      >
      > Bug 987055 - open O_WRONLY succeeds on some root owned files in /proc for process running with unprivileged EUID
      >
      > "On RHEL7 some of the files in /proc can be opened for writing by an unprivileged EUID."
      >
      > The flaw existed upstream as well last I checked.
      >
      > This commit in kernel v3.8 caused the regression:
      >
      > commit cff10976
      > Author: Eric W. Biederman <ebiederm@xmission.com>
      > Date:   Fri Nov 16 03:03:01 2012 +0000
      >
      >     net: Update the per network namespace sysctls to be available to the network namespace owner
      >
      >     - Allow anyone with CAP_NET_ADMIN rights in the user namespace of
      >       the network namespace to change sysctls.
      >     - Allow anyone the uid of the user namespace root the same
      >       permissions over the network namespace sysctls as the global root.
      >     - Allow anyone with gid of the user namespace root group the same
      >       permissions over the network namespace sysctl as the global root group.
      >
      >     Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
      >     Signed-off-by: David S. Miller <davem@davemloft.net>
      >
      > because it changed /sys/net's special permission handler to test current_uid, not
      > current_euid; same for current_gid/current_egid.
      >
      > So in this case, root cannot drop privs via set[ug]id, and retains all privs
      > in this codepath.
      
      Modify the code to use current_euid(), and in_egroup_p, as is done
      in fs/proc/proc_sysctl.c:test_perm()
      
      Cc: stable@vger.kernel.org
      Reviewed-by: Eric Sandeen <sandeen@redhat.com>
      Reported-by: Eric Sandeen <sandeen@redhat.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 07 Oct 2013, 1 commit
  3. 19 Nov 2012, 3 commits
  4. 16 May 2012, 1 commit
    • net: delete all instances of special processing for token ring · 211ed865
      Paul Gortmaker committed
      We are going to delete the Token ring support.  This removes any
      special processing in the core networking for token ring, (aside
      from net/tr.c itself), leaving the drivers and remaining tokenring
      support present but inert.
      
      The mass removal of the drivers and net/tr.c will be in a separate
      commit, so that the history of these files that we still care
      about won't have the giant deletion tied into their history.
      Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
  5. 21 Apr 2012, 5 commits
  6. 25 Jan 2012, 5 commits
  7. 01 Nov 2011, 1 commit
  8. 18 May 2010, 1 commit
  9. 18 Jan 2010, 1 commit
  10. 16 Mar 2009, 1 commit
  11. 28 Jul 2008, 1 commit
    • missing bits of net-namespace / sysctl · eeb61f71
      Al Viro committed
      Piss-poor sysctl registration API strikes again, film at 11...
      
      What we really need is _pathname_ required to be present in already
      registered table, so that kernel could warn about bad order.  That's the
      next target for sysctl stuff (and generally saner and more explicit
      order of initialization of ipv[46] internals wouldn't hurt either).
      
      For the time being, here are full fixups required by ..._rotable()
      stuff; we make per-net sysctl sets descendants of "ro" one and make sure
      that sufficient skeleton is there before we start registering per-net
      sysctls.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  12. 27 Jul 2008, 2 commits
    • net: missing bits of net-namespace / sysctl · 6f9f489a
      Al Viro committed
      Piss-poor sysctl registration API strikes again, film at 11...
      What we really need is _pathname_ required to be present in
      already registered table, so that kernel could warn about bad
      order.  That's the next target for sysctl stuff (and generally
      saner and more explicit order of initialization of ipv[46]
      internals wouldn't hurt either).
      
      For the time being, here are full fixups required by ..._rotable()
      stuff; we make per-net sysctl sets descendants of "ro" one and
      make sure that sufficient skeleton is there before we start registering
      per-net sysctls.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [PATCH] beginning of sysctl cleanup - ctl_table_set · 73455092
      Al Viro committed
      New object: set of sysctls [currently - root and per-net-ns].
      Contains: pointer to parent set, list of tables and "should I see this set?"
      method (->is_seen(set)).
      Current lists of tables are subsumed by that; net-ns contains such a beast.
      ->lookup() for ctl_table_root returns pointer to ctl_table_set instead of
      that to ->list of that ctl_table_set.
      
      [folded compile fixes by rdd for configs without sysctl]
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  13. 26 Jul 2008, 1 commit
    • sysctl: allow override of /proc/sys/net with CAP_NET_ADMIN · 4ecb9009
      Stephen Hemminger committed
      Extend the permission check for networking sysctls to allow modification
      when current process has CAP_NET_ADMIN capability and is not root.  This
      version uses the until now unused permissions hook to override the mode
      value for /proc/sys/net if accessed by a user with capabilities.
      
      Found while working with Quagga.  It is impossible to turn forwarding
      on/off through the command interface because Quagga uses secure coding
      practice of dropping privileges during initialization and only raising via
      capabilities when necessary.  Since the daemon has reset real/effective
      uid after initialization, all attempts to access /proc/sys/net variables
      will fail.
      Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
      Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Cc: Andrew Morgan <morgan@kernel.org>
      Cc: Pavel Emelyanov <xemul@openvz.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
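      The two permission-handler commits above (4ecb9009, which lets a CAP_NET_ADMIN process write /proc/sys/net entries, and 88ba09df, which switches the handler from real to effective ids) are easiest to reason about side by side. The following userspace model is an added example, not kernel code from either commit: it reimplements the mode-rewriting logic of net_ctl_permissions() and the owner/group/other test of fs/proc/proc_sysctl.c:test_perm() on a constructed credential struct (cred_model and make_cred are assumptions of the example), treats the network namespace owner as uid/gid 0 as in the initial namespace, approximates in_egroup_p() by looking only at the effective gid, and uses 0644 as the table mode, the typical mode of an entry such as ipv4/ip_forward. The use_effective flag selects the fixed check; passing false reproduces the pre-fix real-uid test and shows why a root daemon that dropped to uid 1000 via set[ug]id could still open such a file for writing.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the credentials the check looks at.
 * This is an assumption of the example, not the kernel's struct cred. */
struct cred_model {
    unsigned uid, euid;    /* real and effective uid */
    unsigned gid, egid;    /* real and effective gid */
    bool cap_net_admin;    /* CAP_NET_ADMIN in the owning user namespace */
};

/* Owner of the network namespace; 0 in the initial user namespace,
 * where it coincides with the GLOBAL_ROOT ids that test_perm() uses. */
#define NS_ROOT_UID 0u
#define NS_ROOT_GID 0u

/* Permission bits as test_perm() sees them: one rwx triplet. */
#define MAY_WRITE 2
#define MAY_READ  4

static struct cred_model make_cred(unsigned uid, unsigned euid,
                                   unsigned gid, unsigned egid,
                                   bool cap_net_admin)
{
    struct cred_model c = { uid, euid, gid, egid, cap_net_admin };
    return c;
}

/* Model of net_ctl_permissions(): returns the mode the caller is checked
 * against for a /proc/sys/net entry whose table mode is table_mode.
 * use_effective=true is the fixed behaviour (euid/egid); false reproduces
 * the pre-fix test of the real uid/gid. */
int net_ctl_permissions_model(struct cred_model c, int table_mode,
                              bool use_effective)
{
    unsigned uid = use_effective ? c.euid : c.uid;
    unsigned gid = use_effective ? c.egid : c.gid;

    /* Net admin or ns root: copy the owner bits into group and other. */
    if (c.cap_net_admin || uid == NS_ROOT_UID) {
        int mode = (table_mode >> 6) & 7;
        return (mode << 6) | (mode << 3) | mode;
    }
    /* ns root group: copy the group bits into other. The real
     * in_egroup_p() also walks supplementary groups; this model only
     * compares the effective gid. */
    if (gid == NS_ROOT_GID) {
        int mode = (table_mode >> 3) & 7;
        return (mode << 3) | mode;
    }
    return table_mode;
}

/* Model of fs/proc/proc_sysctl.c:test_perm(): selects the owner, group or
 * other triplet by the *effective* ids and tests the requested op bits. */
bool sysctl_access_ok(struct cred_model c, int mode, int op)
{
    if (c.euid == 0)
        mode >>= 6;
    else if (c.egid == 0)
        mode >>= 3;
    return (mode & op) != 0;
}

/* Would open(O_WRONLY) on a net sysctl of mode table_mode succeed? */
bool may_write_net_sysctl(struct cred_model c, int table_mode,
                          bool use_effective)
{
    int mode = net_ctl_permissions_model(c, table_mode, use_effective);
    return sysctl_access_ok(c, mode, MAY_WRITE);
}

int main(void)
{
    const int table_mode = 0644;   /* e.g. ipv4/ip_forward */
    struct {
        const char *name;
        struct cred_model c;
    } cases[] = {
        { "real root",                     make_cred(0, 0, 0, 0, false) },
        { "root after setegid/seteuid 1000", make_cred(0, 1000, 0, 1000, false) },
        { "uid 1000 with CAP_NET_ADMIN",   make_cred(1000, 1000, 1000, 1000, true) },
        { "uid 1000, no capabilities",     make_cred(1000, 1000, 1000, 1000, false) },
    };
    size_t n = sizeof cases / sizeof cases[0];

    printf("%-34s %-8s %-8s\n", "caller", "pre-fix", "fixed");
    for (size_t i = 0; i < n; i++) {
        bool before = may_write_net_sysctl(cases[i].c, table_mode, false);
        bool after  = may_write_net_sysctl(cases[i].c, table_mode, true);
        printf("%-34s %-8s %-8s\n", cases[i].name,
               before ? "write" : "EACCES", after ? "write" : "EACCES");
    }
    return 0;
}
```

      Only the second row changes between the two columns: with the real-uid test the dropped-privilege daemon is handed mode 0666 and the other-triplet check passes, while with the effective-id test it is handed the unmodified 0644 and the write is refused. The CAP_NET_ADMIN row is the Quagga case from 4ecb9009 and is writable either way, which is the behaviour 88ba09df keeps.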
  14. 12 Jun 2008, 1 commit
  15. 20 May 2008, 1 commit
  16. 01 May 2008, 1 commit
  17. 29 Jan 2008, 5 commits
  18. 01 Jul 2006, 1 commit
  19. 06 Jun 2006, 1 commit
  20. 04 Oct 2005, 1 commit
  21. 30 Aug 2005, 1 commit
  22. 17 Apr 2005, 1 commit
    • Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds committed
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!