aboutsummaryrefslogtreecommitdiffstats
path: root/misdn-enforce-cap_net_raw-for-raw-sockets.patch
diff options
context:
space:
mode:
Diffstat (limited to 'misdn-enforce-cap_net_raw-for-raw-sockets.patch')
-rw-r--r--misdn-enforce-cap_net_raw-for-raw-sockets.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/misdn-enforce-cap_net_raw-for-raw-sockets.patch b/misdn-enforce-cap_net_raw-for-raw-sockets.patch
new file mode 100644
index 0000000..12fa857
--- /dev/null
+++ b/misdn-enforce-cap_net_raw-for-raw-sockets.patch
@@ -0,0 +1,31 @@
+From foo@baz Tue 01 Oct 2019 04:24:08 PM CEST
+From: Ori Nimron <orinimron123@gmail.com>
+Date: Fri, 20 Sep 2019 09:35:45 +0200
+Subject: mISDN: enforce CAP_NET_RAW for raw sockets
+
+From: Ori Nimron <orinimron123@gmail.com>
+
+[ Upstream commit b91ee4aa2a2199ba4d4650706c272985a5a32d80 ]
+
+When creating a raw AF_ISDN socket, CAP_NET_RAW needs to be checked
+first.
+
+Signed-off-by: Ori Nimron <orinimron123@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/isdn/mISDN/socket.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/isdn/mISDN/socket.c
++++ b/drivers/isdn/mISDN/socket.c
+@@ -763,6 +763,8 @@ base_sock_create(struct net *net, struct
+
+ if (sock->type != SOCK_RAW)
+ return -ESOCKTNOSUPPORT;
++ if (!capable(CAP_NET_RAW))
++ return -EPERM;
+
+ sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto);
+ if (!sk)
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-31 09:53:17 +0000