| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Sep 2019 09:35:44 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: netdev@...r.kernel.org
Cc: isdn@...ux-pingi.de, jreuter@...na.de, ralf@...ux-mips.org,
alex.aring@...il.com, stefan@...enfreihafen.org,
orinimron123@...il.com,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: [PATCH 0/5] Raw socket cleanups
Ori Nimron pointed out that there are a number of places in the kernel
where you can create a raw socket, without having to have the
CAP_NET_RAW permission.
To resolve this, here's a short patch series to test these odd and old
protocols for this permission before allowing the creation to succeed
All patches are currently against the net tree.
thanks,
greg k-h
Ori Nimron (5):
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
drivers/isdn/mISDN/socket.c | 2 ++
net/appletalk/ddp.c | 5 +++++
net/ax25/af_ax25.c | 2 ++
net/ieee802154/socket.c | 3 +++
net/nfc/llcp_sock.c | 7 +++++--
5 files changed, 17 insertions(+), 2 deletions(-)
--
2.23.0
Powered by blists - more mailing lists