[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Two netlink patches



On Wed, 2004-12-15 at 17:05, Serge Hallyn wrote:
<snip>
+static int cap_netlink_audit_check (struct sk_buff *skb)
+{
+	int msgtype = netlink_get_msgtype(skb);
+
+	switch(msgtype) {
+		case 0:  /* not an audit msg */
+
+		case AUDIT_GET:
+		case AUDIT_LIST:
+			return 0;
+
+		case AUDIT_SET:
+		case AUDIT_USER:
+		case AUDIT_LOGIN:
+
+		case AUDIT_ADD:
+		case AUDIT_DEL:
+			if (!capable(CAP_SYS_ADMIN))
+				return -EPERM;
+			return 0;
+
+		default:  /* permission denied: bad msg */
+			return msgtype;
+	}
<snip>

Shouldn't this function return -EPERM in the default case, not the
msgtype?

Also, do we truly need separate dummy and commoncap implementations, or
can capability re-use the dummy function (as long as it internally calls
the top-level capable function)?  Or do you plan on changing that to not
use the top-level capable function?

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]