linux/net/ipv4
Björn Steinbrink 82fac0542e [NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer
The 32bit compatibility layer has no CAP_NET_ADMIN check in
compat_do_ipt_get_ctl, which for example allows to list the current
iptables rules even without having that capability (the non-compat
version requires it). Other capabilities might be required to exploit
the bug (eg. CAP_NET_RAW to get the nfnetlink socket?), so a plain user
can't exploit it, but a setup actually using the posix capability system
might very well hit such a constellation of granted capabilities.

Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-20 00:21:10 -07:00
..
ipvs [PATCH] ptrdiff_t is %t, not %z 2006-10-10 15:37:23 -07:00
netfilter [NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer 2006-10-20 00:21:10 -07:00
af_inet.c [IPV4]: struct ip_options annotations 2006-09-28 18:01:53 -07:00
ah4.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
arp.c fix file specification in comments 2006-10-03 23:01:26 +02:00
cipso_ipv4.c NetLabel: the CIPSOv4 passthrough mapping does not pass categories correctly 2006-10-15 23:14:16 -07:00
datagram.c [IPV4]: ip_route_connect() ipv4 address arguments annotated 2006-09-28 17:54:06 -07:00
devinet.c [IPV4]: annotate inetdev.h helpers 2006-09-28 18:01:05 -07:00
esp4.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
fib_frontend.c [IPv4] fib: Remove unused fib_config members 2006-10-18 20:26:36 -07:00
fib_hash.c [IPV4]: trivial fib_hash.c annotations 2006-09-28 18:01:11 -07:00
fib_lookup.h [IPV4]: net/ipv4/fib annotations 2006-09-28 18:02:23 -07:00
fib_rules.c [IPV4]: FRA_{DST,SRC} annotated 2006-09-28 18:02:24 -07:00
fib_semantics.c [IPV4]: net/ipv4/fib annotations 2006-09-28 18:02:23 -07:00
fib_trie.c [IPV4] fib_trie.c: trivial annotations 2006-09-28 18:01:14 -07:00
icmp.c [IPV4] net/ipv4/icmp.c: trivial annotations 2006-09-28 18:02:19 -07:00
igmp.c [IPV4]: trivial igmp annotations 2006-09-28 18:02:02 -07:00
inet_connection_sock.c [IPV4]: inet_rcv_saddr() annotations 2006-09-28 18:02:28 -07:00
inet_diag.c [IPV4]: inet_diag annotations 2006-09-28 18:02:29 -07:00
inet_hashtables.c [IPV4]: annotate inet_lookup() and friends 2006-09-28 18:02:26 -07:00
inet_timewait_sock.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
inetpeer.c [NET]: reduce sizeof(struct inet_peer), cleanup, change in peer_check_expire() 2006-10-15 23:14:17 -07:00
ip_forward.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ip_fragment.c [IPV4]: ip_fragment.c endianness annotations 2006-09-28 18:01:09 -07:00
ip_gre.c [NET]: Use hton{l,s}() for non-initializers. 2006-10-11 23:59:56 -07:00
ip_input.c [IPV4]: Clear the whole IPCB, this clears also IPCB(skb)->flags. 2006-07-24 23:45:16 -07:00
ip_options.c [IPV4]: trivial ip_options.c annotations 2006-09-28 18:01:55 -07:00
ip_output.c [IPV4]: struct ip_options annotations 2006-09-28 18:01:53 -07:00
ip_sockglue.c [IPV4]: ip_icmp_error() annotations 2006-09-28 18:02:09 -07:00
ipcomp.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
ipconfig.c [PATCH] namespaces: utsname: use init_utsname when appropriate 2006-10-02 07:57:21 -07:00
ipip.c [IPV4]: ipip and ip_gre encapsulation bugs 2006-09-22 15:19:43 -07:00
ipmr.c [IPV4]: mroute annotations 2006-09-28 18:02:22 -07:00
Kconfig [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
Makefile [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
multipath_drr.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_random.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_rr.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_wrandom.c [IPV4] bug: broken open-coded inet_make_mask() (multipath_wrandom) 2006-09-28 18:01:17 -07:00
multipath.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
netfilter.c [NETFILTER]: add type parameter to ip_route_me_harder 2006-10-04 00:30:54 -07:00
proc.c [IPV4]: add the UdpSndbufErrors and UdpRcvbufErrors MIBs 2006-09-22 14:54:41 -07:00
protocol.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
raw.c [IPV4]: struct ipcm_cookie annotation 2006-09-28 18:01:54 -07:00
route.c [NET]: Do not memcmp() over pad bytes of struct flowi. 2006-10-12 00:49:15 -07:00
syncookies.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
sysctl_net_ipv4.c [TCP]: default congestion control menu 2006-09-24 20:11:58 -07:00
tcp_bic.c [TCP] tcp_bic: use BUILD_BUG_ON 2006-09-22 15:18:04 -07:00
tcp_cong.c [TCP]: default congestion control menu 2006-09-24 20:11:58 -07:00
tcp_cubic.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_diag.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_highspeed.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_htcp.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_hybla.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_input.c [TCP]: Kill warning in tcp_clean_rtx_queue(). 2006-10-04 00:31:08 -07:00
tcp_ipv4.c [NET]: Use typesafe inet_twsk() inline function instead of cast. 2006-10-11 23:59:58 -07:00
tcp_lp.c [TCP] tcp-lp: prevent chance for oops 2006-09-28 18:03:07 -07:00
tcp_minisocks.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_output.c [TCP]: Bound TSO defer time 2006-10-18 20:36:48 -07:00
tcp_probe.c [PATCH] Kprobes: Make kprobe modules more portable 2006-10-02 07:57:16 -07:00
tcp_scalable.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_timer.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_vegas.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_veno.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_westwood.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp.c [TCP]: Send ACKs each 2nd received segment. 2006-09-22 15:19:05 -07:00
tunnel4.c [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 2006-04-09 22:25:25 -07:00
udp.c [UDP]: Fix MSG_PROBE crash 2006-10-04 00:31:00 -07:00
xfrm4_input.c [XFRM]: xfrm_parse_spi() annotations 2006-09-28 18:02:39 -07:00
xfrm4_mode_beet.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
xfrm4_mode_transport.c [IPSEC]: output mode to take an xfrm state as input param 2006-09-22 15:18:48 -07:00
xfrm4_mode_tunnel.c [IPSEC]: output mode to take an xfrm state as input param 2006-09-22 15:18:48 -07:00
xfrm4_output.c [IPSEC]: output mode to take an xfrm state as input param 2006-09-22 15:18:48 -07:00
xfrm4_policy.c IPsec: correct semantics for SELinux policy matching 2006-10-11 23:59:37 -07:00
xfrm4_state.c [XFRM]: ports in struct xfrm_selector annotated 2006-09-28 18:02:33 -07:00
xfrm4_tunnel.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00