提交 62f29bab 编写于 作者: S serue@us.ibm.com 提交者: Dave Airlie

agp: remove uid comparison as security check

In the face of containers and user namespaces, a uid==0 check for
security is not safe.  Switch to a capability check.

I'm not sure I picked the right capability, but this being AGP
CAP_SYS_RAWIO seemed to make sense.
Signed-off-by: NSerge Hallyn <serue@us.ibm.com>
Signed-off-by: NDave Airlie <airlied@linux.ie>
上级 1fa4db7d
......@@ -689,7 +689,7 @@ static int agp_open(struct inode *inode, struct file *file)
set_bit(AGP_FF_ALLOW_CLIENT, &priv->access_flags);
priv->my_pid = current->pid;
if ((current->uid == 0) || (current->suid == 0)) {
if (capable(CAP_SYS_RAWIO)) {
/* Root priv, can be controller */
set_bit(AGP_FF_ALLOW_CONTROLLER, &priv->access_flags);
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册