agp: remove uid comparison as security check

In the face of containers and user namespaces, a uid==0 check for security is not safe. Switch to a capability check. I'm not sure I picked the right capability, but this being AGP CAP_SYS_RAWIO seemed to make sense. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Dave Airlie <airlied@linux.ie> Signed-off-by: Willy Tarreau <w@1wt.eu>
author: serue@us.ibm.com <serue@us.ibm.com> 2007-12-05 21:55:36 -0800
committer: Willy Tarreau <w@1wt.eu> 2009-06-27 22:37:36 +0200
commit: 2759563e3f05fc4fdb00f162641f8e2a0d287c91 (patch)
tree: fa78d5c2ed13dac0ad51e3e717ae7b1b2e488778
parent: 14a0ed47e2c8c2eadf03d99caa566eff9072b491 (diff)
download: linux-2.4-2759563e3f05fc4fdb00f162641f8e2a0d287c91.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/char/agp/agpgart_fe.c b/drivers/char/agp/agpgart_fe.c
index cb22b75a497744..858c7ba20e968f 100644
--- a/drivers/char/agp/agpgart_fe.c
+++ b/drivers/char/agp/agpgart_fe.c
@@ -726,7 +726,7 @@ static int agp_open(struct inode *inode, struct file *file)
 	set_bit(AGP_FF_ALLOW_CLIENT, &priv->access_flags);
 	priv->my_pid = current->pid;
 
-	if ((current->uid == 0) || (current->suid == 0)) {
+	if (capable(CAP_SYS_RAWIO)) {
 		/* Root priv, can be controller */
 		set_bit(AGP_FF_ALLOW_CONTROLLER, &priv->access_flags);
 	}
author	serue@us.ibm.com <serue@us.ibm.com>	2007-12-05 21:55:36 -0800
committer	Willy Tarreau <w@1wt.eu>	2009-06-27 22:37:36 +0200
commit	2759563e3f05fc4fdb00f162641f8e2a0d287c91 (patch)
tree	fa78d5c2ed13dac0ad51e3e717ae7b1b2e488778
parent	14a0ed47e2c8c2eadf03d99caa566eff9072b491 (diff)
download	linux-2.4-2759563e3f05fc4fdb00f162641f8e2a0d287c91.tar.gz