| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Jun 2008 15:07:40 -0700 From: john stultz <johnstul@...ibm.com> To: Michael Kerrisk <mtk.manpages@...il.com> Cc: Roman Zippel <zippel@...ux-m68k.org>, lkml <linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu> Subject: Re: [patch] ADJ_OFFSET_SS_READ and capabilities On Sun, 2008-06-22 at 09:32 +0200, Michael Kerrisk wrote: > Hi Roman, John, > > ADJ_OFFSET_SS_READ is a read-only operation. Therefore, it seems > reasonable not to require any capability (as is the case when 'modes' > is zero. See the patch below. Does this change seem reasonable? > > Cheers, > > Michael > > --- linux-2.6.26-rc5/kernel/time/ntp.c 2008-06-13 11:16:51.000000000 +0200 > +++ linux-2.6.26-rc5-p/kernel/time/ntp.c 2008-06-22 07:31:43.000000000 +0200 > @@ -281,7 +281,8 @@ > int result; > > /* In order to modify anything, you gotta be super-user! */ > - if (txc->modes && !capable(CAP_SYS_TIME)) > + if (txc->modes && txc->modes != ADJ_OFFSET_SS_READ && > + !capable(CAP_SYS_TIME)) > return -EPERM; > > /* Now we validate the data before disabling interrupts */ > Hey Michael, This seems like an ok change, but we'd first want to fix the issue you pointed out earlier which would make sure adjtimex() read calls don't cause side effects. thanks -john -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists