diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-16 03:03:03 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-11-18 20:32:45 -0500 |
commit | 00f70de09c418bfb028d03f046e39c1d301db7b2 (patch) | |
tree | 64d7445491c57decffaf71df79e0671c8b7324b0 | |
parent | 86937c05cb44654649a089744cd49ab0dc6873a8 (diff) | |
download | linux-00f70de09c418bfb028d03f046e39c1d301db7b2.tar.bz2 |
net: Allow userns root to force the scm creds
If the user calling sendmsg has the appropriate privieleges
in their user namespace allow them to set the uid, gid, and
pid in the SCM_CREDENTIALS control message to any valid value.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/core/scm.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/core/scm.c b/net/core/scm.c index ab570841a532..57fb1ee6649f 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -51,11 +51,11 @@ static __inline__ int scm_check_creds(struct ucred *creds) if (!uid_valid(uid) || !gid_valid(gid)) return -EINVAL; - if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && + if ((creds->pid == task_tgid_vnr(current) || nsown_capable(CAP_SYS_ADMIN)) && ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || - uid_eq(uid, cred->suid)) || capable(CAP_SETUID)) && + uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || - gid_eq(gid, cred->sgid)) || capable(CAP_SETGID))) { + gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) { return 0; } return -EPERM; |