diff options
author | Matthias-Christian Ott <ott@mirix.org> | 2014-05-08 21:58:12 +0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2014-05-08 21:58:12 +0800 |
commit | c568398aa05f852592d0e2b1dc893e6c5c14971c (patch) | |
tree | 222b91790ea0dee106e90a9fa22839d7e116bc1a /crypto | |
parent | da37503d37bb6ae72cca0b4d729c153f04b9f0cc (diff) | |
download | lwn-c568398aa05f852592d0e2b1dc893e6c5c14971c.tar.gz lwn-c568398aa05f852592d0e2b1dc893e6c5c14971c.zip |
crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN
CRYPTO_USER requires CAP_NET_ADMIN for all operations. Most information
provided by CRYPTO_MSG_GETALG is also accessible through /proc/modules
and AF_ALG. CRYPTO_MSG_GETALG should not require CAP_NET_ADMIN so that
processes without CAP_NET_ADMIN can use CRYPTO_MSG_GETALG to get cipher
details, such as cipher priorities, for AF_ALG.
Signed-off-by: Matthias-Christian Ott <ott@mirix.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/crypto_user.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c index 1512e41cd93d..aa906b8fdd17 100644 --- a/crypto/crypto_user.c +++ b/crypto/crypto_user.c @@ -265,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh, struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; LIST_HEAD(list); + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) return -EINVAL; @@ -295,6 +298,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh, struct crypto_alg *alg; struct crypto_user_alg *p = nlmsg_data(nlh); + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) return -EINVAL; @@ -379,6 +385,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, struct crypto_user_alg *p = nlmsg_data(nlh); struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) return -EINVAL; @@ -466,9 +475,6 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) type -= CRYPTO_MSG_BASE; link = &crypto_dispatch[type]; - if (!capable(CAP_NET_ADMIN)) - return -EPERM; - if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) && (nlh->nlmsg_flags & NLM_F_DUMP))) { struct crypto_alg *alg; |