linux/drivers
Eric W. Biederman 39fda8db80 userns: Replace netlink uses of cap_raised with capable.
In 2009 Philipp Reisner noticed that a few users of netlink connector
interface needed a capability check and added the idiom
cap_raised(nsp->eff_cap, CAP_SYS_ADMIN) to a few of them, on the premise
that netlink was asynchronous.

In 2011 Patrick McHardy noticed we were being silly because netlink is
synchronous and removed eff_cap from the netlink_skb_params and changed
the idiom to cap_raised(current_cap(), CAP_SYS_ADMIN).

Looking at those spots with a fresh eye we should be calling
capable(CAP_SYS_ADMIN).  The only reason I can see for not calling
capable is that it once appeared we were not in the same task as the
caller which would have made calling capable() impossible.

In the initial user_namespace the only difference between
cap_raised(current_cap(), CAP_SYS_ADMIN) and capable(CAP_SYS_ADMIN)
are a few sanity checks and the fact that capable(CAP_SYS_ADMIN)
sets PF_SUPERPRIV if we use the capability.

Since we are going to be using root privilege setting PF_SUPERPRIV
seems the right thing to do.

The motivation for this patch is that in a child user namespace
cap_raised(current_cap(),...) tests your capabilities with respect to
that child user namespace not capabilities in the initial user namespace
and thus will allow processes that should be unprivileged to use the
kernel services that are only protected with
cap_raised(current_cap(),..).

To fix possible user_namespace issues and to just clean up the code
replace cap_raised(current_cap(), CAP_SYS_ADMIN) with
capable(CAP_SYS_ADMIN).

Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Philipp Reisner <philipp.reisner@linbit.com>
Cc: Serge E. Hallyn <serge.hallyn@canonical.com>
Cc: Vasiliy Kulikov <segoon@openwall.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-07 16:53:12 -07:00
..
accessibility
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
amba
ata 1) AHCI regression fix. A recent "make driver conform to spec" change 2012-03-22 20:22:30 -07:00
atm Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
auxdisplay
base Merge branch 'for-linus-3.4' of git://git.linaro.org/people/sumitsemwal/linux-dma-buf 2012-03-28 15:02:41 -07:00
bcma
block userns: Replace netlink uses of cap_raised with capable. 2012-04-07 16:53:12 -07:00
bluetooth Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
cdrom
char Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
clk clk: make CONFIG_COMMON_CLK invisible 2012-03-19 09:37:11 +00:00
clocksource Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-03-29 16:53:48 -07:00
connector
cpufreq Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
cpuidle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
crypto Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-03-22 18:15:32 -07:00
dca
devfreq ARM: global cleanups 2012-03-27 16:03:32 -07:00
dio
dma MTD merge for 3.4 2012-03-30 17:31:56 -07:00
edac Merge branch 'linux_next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac 2012-03-28 14:24:40 -07:00
eisa
firewire Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
firmware
gpio Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-03-29 16:53:48 -07:00
gpu drm/i915: suspend fbdev device around suspend/hibernate 2012-03-29 07:44:27 +01:00
hid Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-03-23 14:39:09 -07:00
hv Tools: hv: Support enumeration from all the pools 2012-03-16 13:36:04 -07:00
hwmon MFD changes for 3.4 2012-03-28 13:56:35 -07:00
hwspinlock
i2c Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
ide Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
idle drivers/idle/intel_idle.c: fix confusing code identation 2012-03-21 17:54:54 -07:00
ieee802154
infiniband Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2012-03-29 23:17:44 -07:00
iommu The IOMMU updates for this round are not very large patch-wise. But 2012-03-23 14:15:07 -07:00
isdn Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
leds MFD changes for 3.4 2012-03-28 13:56:35 -07:00
lguest
macintosh Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
mca
md userns: Replace netlink uses of cap_raised with capable. 2012-04-07 16:53:12 -07:00
media ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
memstick memstick: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:19 +08:00
message Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
mfd Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
misc Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
mmc MTD merge for 3.4 2012-03-30 17:31:56 -07:00
mtd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-31 13:42:57 -07:00
net MTD merge for 3.4 2012-03-30 17:31:56 -07:00
nfc
nubus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
of GPIO changes for v3.4 2012-03-28 14:08:46 -07:00
oprofile tidy up after d_make_root() conversion 2012-03-20 21:29:37 -04:00
parisc Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
parport
pci ASPM: Fix pcie devices with non-pcie children 2012-03-31 12:49:56 -07:00
pcmcia Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2012-03-29 16:00:48 -07:00
pinctrl
platform Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2012-03-30 16:45:39 -07:00
power Various small bugfixes and enhancements, plus two new drivers: 2012-03-30 16:09:02 -07:00
pps
ps3
ptp phc: Update author's email address. 2012-03-17 01:41:43 -07:00
rapidio
regulator ARM: driver specific updates 2012-03-27 16:41:24 -07:00
remoteproc
rpmsg
rtc ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
s390 Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
sbus Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
scsi SCSI updates on 20120331 2012-03-31 13:31:23 -07:00
sfi
sh SuperH updates for 3.4 merge window 2012-03-30 00:09:17 -07:00
sn
spi Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-03-29 15:34:57 -07:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
staging Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2012-03-22 12:38:04 -07:00
tc
thermal thermal: Fix for setting the thermal zone mode to enable/disable 2012-03-22 01:10:18 -04:00
tty Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
uio
usb Documentation: remove references to /etc/modprobe.conf 2012-03-30 16:03:15 -07:00
uwb uwb: use for_each_clear_bit() 2012-03-23 16:58:34 -07:00
vhost Merge branch 'vhost-net' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost 2012-03-23 14:46:48 -04:00
video userns: Replace netlink uses of cap_raised with capable. 2012-04-07 16:53:12 -07:00
virt
virtio virtio-pci: switch to PM ops macro to initialise PM functions 2012-03-31 08:09:51 +05:30
vlynq
w1
watchdog ARM: cleanups of io includes 2012-03-29 18:02:10 -07:00
xen One tiny feature that accidentally got lost in the initial git pull: 2012-03-24 12:20:25 -07:00
zorro
Kconfig remoteproc/rpmsg: new subsystem 2012-03-27 16:30:09 -07:00
Makefile remoteproc/rpmsg: new subsystem 2012-03-27 16:30:09 -07:00