[PATCH] wext: Fix RtNetlink ENCODE security permissions
author Jean Tourrilhes <jt@hpl.hp.com>
Fri, 14 Apr 2006 17:47:26 +0000 (10:47 -0700)
committer John W. Linville <linville@tuxdriver.com>
Wed, 19 Apr 2006 21:25:41 +0000 (17:25 -0400)
I've just realised that the RtNetlink code does not check the
permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
any user can read the encryption keys. The fix is trivial and should
go in 2.6.17 alongside the two other patches I sent you last week.

Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/core/wireless.c

index 81d6995fcfdb30bd684b839626a0145fd079bd31..d2bc72d318f7bdb41dc4ab9c1ab3c08978c5af4e 100644 (file)
@@ -1726,6 +1726,14 @@ int wireless_rtnetlink_get(struct net_device *   dev,
        if(!IW_IS_GET(request->cmd))
                return -EOPNOTSUPP;
 
+       /* If command is `get the encoding parameters', check if
+        * the user has the right to do it */
+       if (request->cmd == SIOCGIWENCODE ||
+           request->cmd == SIOCGIWENCODEEXT) {
+               if (!capable(CAP_NET_ADMIN))
+                       return -EPERM;
+       }
+
        /* Special cases */
        if(request->cmd == SIOCGIWSTATS)
                /* Get Wireless Stats */
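
Review bot: the new test on `request->cmd == SIOCGIWENCODE || request->cmd == SIOCGIWENCODEEXT` hard-codes the two key-returning commands inline in wireless_rtnetlink_get(), so any GET request added later that returns secret material stays readable by unprivileged callers until someone remembers to list it here. Please extend the comment to say that every GET command exposing key material must be added to this condition, or move the test into a small named helper so the list lives in one place. As a style point, the inner `if (!capable(CAP_NET_ADMIN))` can be folded into the outer condition with `&&`, which removes one nesting level and the extra braces.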