| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Jun 2008 09:32:59 +0200 From: Michael Kerrisk <mtk.manpages@...il.com> To: Michael Kerrisk <mtk.manpages@...il.com> CC: Roman Zippel <zippel@...ux-m68k.org>, lkml <linux-kernel@...r.kernel.org>, john stultz <johnstul@...ibm.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu> Subject: [patch] ADJ_OFFSET_SS_READ and capabilities Hi Roman, John, ADJ_OFFSET_SS_READ is a read-only operation. Therefore, it seems reasonable not to require any capability (as is the case when 'modes' is zero. See the patch below. Does this change seem reasonable? Cheers, Michael --- linux-2.6.26-rc5/kernel/time/ntp.c 2008-06-13 11:16:51.000000000 +0200 +++ linux-2.6.26-rc5-p/kernel/time/ntp.c 2008-06-22 07:31:43.000000000 +0200 @@ -281,7 +281,8 @@ int result; /* In order to modify anything, you gotta be super-user! */ - if (txc->modes && !capable(CAP_SYS_TIME)) + if (txc->modes && txc->modes != ADJ_OFFSET_SS_READ && + !capable(CAP_SYS_TIME)) return -EPERM; /* Now we validate the data before disabling interrupts */ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists