Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-11-07 04:09:21 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/net/sched
History
Eric W. Biederman 1141a45580 net: Use netlink_ns_capable to verify the permisions of netlink messages 
[ Upstream commit 90f62cf30a78721641e08737bda787552428061e ]

It is possible by passing a netlink socket to a more privileged
executable and then to fool that executable into writing to the socket
data that happens to be valid netlink message to do something that
privileged executable did not intend to do.

To keep this from happening replace bare capable and ns_capable calls
with netlink_capable, netlink_net_calls and netlink_ns_capable calls.
Which act the same as the previous calls except they verify that the
opener of the socket had the desired permissions as well.

Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-26 15:12:37 -04:00
..
act_api.c net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
act_csum.c act_csum: fix possible use after free 2013-04-12 15:25:41 -04:00
act_gact.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_ipt.c net_sched: act_ipt forward compat with xtables 2013-05-01 13:19:19 -04:00
act_mirred.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_nat.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_pedit.c net: Add skb_unclone() helper function. 2013-02-15 15:10:37 -05:00
act_police.c net_sched: restore "overhead xxx" handling 2013-06-02 22:22:35 -07:00
act_simple.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_skbedit.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_api.c net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
cls_basic.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_cgroup.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_flow.c netlink: rename ssk to sk in struct netlink_skb_params 2013-04-19 14:57:56 -04:00
cls_fw.c pkt_sched: fix error return code in fw_change_attrs() 2013-04-19 17:34:53 -04:00
cls_route.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_rsvp.c
cls_rsvp.h pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_rsvp6.c
cls_tcindex.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_u32.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
em_canid.c
em_cmp.c
em_ipset.c netfilter: ipset: Introduce extensions to elements in the core 2013-04-29 20:08:54 +02:00
em_meta.c net: use a per task frag allocator 2012-09-24 16:31:37 -04:00
em_nbyte.c
em_text.c
em_u32.c
ematch.c
Kconfig net: sched: enable CAN Identifier to be build into kernel 2012-11-25 16:06:06 -05:00
Makefile net: sched: add ipset ematch 2012-07-12 07:54:46 -07:00
sch_api.c net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
sch_atm.c net_sched: info leak in atm_tc_dump_class() 2013-08-11 18:35:26 -07:00
sch_blackhole.c
sch_cbq.c net_sched: Fix stack info leak in cbq_dump_wrr(). 2013-08-11 18:35:25 -07:00
sch_choke.c net/sched: rename random32() to prandom_u32() 2013-04-29 18:28:43 -07:00
sch_codel.c
sch_drr.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
sch_dsmark.c
sch_fifo.c
sch_fq_codel.c net: fq_codel: Fix off-by-one error 2013-03-29 15:32:23 -04:00
sch_generic.c net_sched: restore "linklayer atm" handling 2013-09-14 06:54:55 -07:00
sch_gred.c net_sched: gred: actually perform idling in WRED mode 2012-09-13 16:10:13 -04:00
sch_hfsc.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
sch_htb.c net_sched: htb: fix a typo in htb_change_class() 2013-10-13 16:08:29 -07:00
sch_ingress.c
sch_mq.c pkt_sched: avoid requeues if possible 2012-12-12 00:16:47 -05:00
sch_mqprio.c pkt_sched: avoid requeues if possible 2012-12-12 00:16:47 -05:00
sch_multiq.c
sch_netem.c netem: fix delay calculation in rate extension 2013-01-29 15:43:02 -05:00
sch_plug.c
sch_prio.c
sch_qfq.c pkt_sched: sch_qfq: remove a source of high packet delay/jitter 2013-07-28 16:30:04 -07:00
sch_red.c
sch_sfb.c sch_sfb: Fix missing NULL check 2012-07-12 08:33:18 -07:00
sch_sfq.c
sch_tbf.c net_sched: restore "overhead xxx" handling 2013-06-02 22:22:35 -07:00
sch_teql.c