rpms/kernel/F-9 linux-2.6-netdev-tehuti-move-ioctl-perm-check-closer-to-function-start.patch, NONE, 1.1
Chuck Ebbert (cebbert)
fedora-extras-commits at redhat.com
Wed Apr 30 06:55:10 UTC 2008
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28582
Added Files:
linux-2.6-netdev-tehuti-move-ioctl-perm-check-closer-to-function-start.patch
Log Message:
add the second patch
linux-2.6-netdev-tehuti-move-ioctl-perm-check-closer-to-function-start.patch:
--- NEW FILE linux-2.6-netdev-tehuti-move-ioctl-perm-check-closer-to-function-start.patch ---
>From f946dffed6334f08da065a89ed65026ebf8b33b4 Mon Sep 17 00:00:00 2001
From: Jeff Garzik <jeff at garzik.org>
Date: Fri, 25 Apr 2008 03:11:31 -0400
Subject: tehuti: move ioctl perm check closer to function start (CVE-2008-1675)
From: Jeff Garzik <jeff at garzik.org>
Commit f946dffed6334f08da065a89ed65026ebf8b33b4 upstream
Noticed by davem.
Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
drivers/net/tehuti.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/net/tehuti.c
+++ b/drivers/net/tehuti.c
@@ -649,6 +649,9 @@ static int bdx_ioctl_priv(struct net_dev
DBG("%d 0x%x 0x%x\n", data[0], data[1], data[2]);
}
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
switch (data[0]) {
case BDX_OP_READ:
@@ -664,8 +667,6 @@ static int bdx_ioctl_priv(struct net_dev
break;
case BDX_OP_WRITE:
- if (!capable(CAP_NET_ADMIN))
- return -EPERM;
error = bdx_range_check(priv, data[1]);
if (error < 0)
return error;
More information about the fedora-extras-commits
mailing list