lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0710210152210.1997@fbirervta.pbzchgretzou.qr>
Date:	Sun, 21 Oct 2007 01:52:40 +0200 (CEST)
From:	Jan Engelhardt <jengelh@...putergmbh.de>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
cc:	James Morris <jmorris@...ei.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH 2/4] MultiAdmin 1.0.7


[PATCH 2/4] Use of capable_light()

capable() now behaves like (capable_light() && is_superadm). Since some
operations are allowed by subadmins too, it suffices to use
capable_light().


Signed-off-by: Jan Engelhardt <jengelh@....de>, May 01 2006
Modified July 11 2006

---
 arch/alpha/kernel/pci-noop.c |    2 +-
 drivers/char/lp.c            |    2 +-
 drivers/firmware/efivars.c   |    2 +-
 drivers/pci/pci-sysfs.c      |    2 +-
 drivers/pci/proc.c           |    2 +-
 drivers/pci/syscall.c        |    2 +-
 fs/quota.c                   |    8 ++++----
 ipc/msg.c                    |    2 +-
 ipc/sem.c                    |    2 +-
 ipc/shm.c                    |    4 ++--
 10 files changed, 14 insertions(+), 14 deletions(-)

Index: linux-2.6.23.1/arch/alpha/kernel/pci-noop.c
===================================================================
--- linux-2.6.23.1.orig/arch/alpha/kernel/pci-noop.c
+++ linux-2.6.23.1/arch/alpha/kernel/pci-noop.c
@@ -89,7 +89,7 @@ asmlinkage long
 sys_pciconfig_read(unsigned long bus, unsigned long dfn,
 		   unsigned long off, unsigned long len, void *buf)
 {
-	if (!capable(CAP_SYS_ADMIN))
+	if (!capable_light(CAP_SYS_ADMIN))
 		return -EPERM;
 	else
 		return -ENODEV;
Index: linux-2.6.23.1/drivers/char/lp.c
===================================================================
--- linux-2.6.23.1.orig/drivers/char/lp.c
+++ linux-2.6.23.1/drivers/char/lp.c
@@ -627,7 +627,7 @@ static int lp_ioctl(struct inode *inode,
 			if (copy_to_user(argp, &LP_STAT(minor),
 					sizeof(struct lp_stats)))
 				return -EFAULT;
-			if (capable(CAP_SYS_ADMIN))
+			if (capable_light(CAP_SYS_ADMIN))
 				memset(&LP_STAT(minor), 0,
 						sizeof(struct lp_stats));
 			break;
Index: linux-2.6.23.1/drivers/firmware/efivars.c
===================================================================
--- linux-2.6.23.1.orig/drivers/firmware/efivars.c
+++ linux-2.6.23.1/drivers/firmware/efivars.c
@@ -351,7 +351,7 @@ static ssize_t efivar_attr_show(struct k
 	struct efivar_attribute *efivar_attr = to_efivar_attr(attr);
 	ssize_t ret = -EIO;
 
-	if (!capable(CAP_SYS_ADMIN))
+	if (!capable_light(CAP_SYS_ADMIN))
 		return -EACCES;
 
 	if (efivar_attr->show) {
Index: linux-2.6.23.1/drivers/pci/pci-sysfs.c
===================================================================
--- linux-2.6.23.1.orig/drivers/pci/pci-sysfs.c
+++ linux-2.6.23.1/drivers/pci/pci-sysfs.c
@@ -222,7 +222,7 @@ pci_read_config(struct kobject *kobj, st
 	u8 *data = (u8*) buf;
 
 	/* Several chips lock up trying to read undefined config space */
-	if (capable(CAP_SYS_ADMIN)) {
+	if (capable_light(CAP_SYS_ADMIN)) {
 		size = dev->cfg_size;
 	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
 		size = 128;
Index: linux-2.6.23.1/drivers/pci/proc.c
===================================================================
--- linux-2.6.23.1.orig/drivers/pci/proc.c
+++ linux-2.6.23.1/drivers/pci/proc.c
@@ -59,7 +59,7 @@ proc_bus_pci_read(struct file *file, cha
 	 * undefined locations (think of Intel PIIX4 as a typical example).
 	 */
 
-	if (capable(CAP_SYS_ADMIN))
+	if (capable_light(CAP_SYS_ADMIN))
 		size = dev->cfg_size;
 	else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS)
 		size = 128;
Index: linux-2.6.23.1/drivers/pci/syscall.c
===================================================================
--- linux-2.6.23.1.orig/drivers/pci/syscall.c
+++ linux-2.6.23.1/drivers/pci/syscall.c
@@ -26,7 +26,7 @@ sys_pciconfig_read(unsigned long bus, un
 	long err;
 	long cfg_ret;
 
-	if (!capable(CAP_SYS_ADMIN))
+	if (!capable_light(CAP_SYS_ADMIN))
 		return -EPERM;
 
 	err = -ENODEV;
Index: linux-2.6.23.1/fs/quota.c
===================================================================
--- linux-2.6.23.1.orig/fs/quota.c
+++ linux-2.6.23.1/fs/quota.c
@@ -82,11 +82,11 @@ static int generic_quotactl_valid(struct
 	if (cmd == Q_GETQUOTA) {
 		if (((type == USRQUOTA && current->euid != id) ||
 		     (type == GRPQUOTA && !in_egroup_p(id))) &&
-		    !capable(CAP_SYS_ADMIN))
+		    !capable_light(CAP_SYS_ADMIN))
 			return -EPERM;
 	}
 	else if (cmd != Q_GETFMT && cmd != Q_SYNC && cmd != Q_GETINFO)
-		if (!capable(CAP_SYS_ADMIN))
+		if (!capable_light(CAP_SYS_ADMIN))
 			return -EPERM;
 
 	return 0;
@@ -133,10 +133,10 @@ static int xqm_quotactl_valid(struct sup
 	if (cmd == Q_XGETQUOTA) {
 		if (((type == XQM_USRQUOTA && current->euid != id) ||
 		     (type == XQM_GRPQUOTA && !in_egroup_p(id))) &&
-		     !capable(CAP_SYS_ADMIN))
+		     !capable_light(CAP_SYS_ADMIN))
 			return -EPERM;
 	} else if (cmd != Q_XGETQSTAT && cmd != Q_XQUOTASYNC) {
-		if (!capable(CAP_SYS_ADMIN))
+		if (!capable_light(CAP_SYS_ADMIN))
 			return -EPERM;
 	}
 
Index: linux-2.6.23.1/ipc/msg.c
===================================================================
--- linux-2.6.23.1.orig/ipc/msg.c
+++ linux-2.6.23.1/ipc/msg.c
@@ -518,7 +518,7 @@ asmlinkage long sys_msgctl(int msqid, in
 
 	err = -EPERM;
 	if (current->euid != ipcp->cuid &&
-	    current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN))
+	    current->euid != ipcp->uid && !capable_light(CAP_SYS_ADMIN))
 		/* We _could_ check for CAP_CHOWN above, but we don't */
 		goto out_unlock_up;
 
Index: linux-2.6.23.1/ipc/sem.c
===================================================================
--- linux-2.6.23.1.orig/ipc/sem.c
+++ linux-2.6.23.1/ipc/sem.c
@@ -883,7 +883,7 @@ static int semctl_down(struct ipc_namesp
 			goto out_unlock;
 	}
 	if (current->euid != ipcp->cuid && 
-	    current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) {
+	    current->euid != ipcp->uid && !capable_light(CAP_SYS_ADMIN)) {
 	    	err=-EPERM;
 		goto out_unlock;
 	}
Index: linux-2.6.23.1/ipc/shm.c
===================================================================
--- linux-2.6.23.1.orig/ipc/shm.c
+++ linux-2.6.23.1/ipc/shm.c
@@ -756,7 +756,7 @@ asmlinkage long sys_shmctl (int shmid, i
 
 		if (current->euid != shp->shm_perm.uid &&
 		    current->euid != shp->shm_perm.cuid && 
-		    !capable(CAP_SYS_ADMIN)) {
+		    !capable_light(CAP_SYS_ADMIN)) {
 			err=-EPERM;
 			goto out_unlock_up;
 		}
@@ -793,7 +793,7 @@ asmlinkage long sys_shmctl (int shmid, i
 		err=-EPERM;
 		if (current->euid != shp->shm_perm.uid &&
 		    current->euid != shp->shm_perm.cuid && 
-		    !capable(CAP_SYS_ADMIN)) {
+		    !capable_light(CAP_SYS_ADMIN)) {
 			goto out_unlock_up;
 		}
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ