linux

iv/linux

Go to file

Michael Ellerman 78f7a7566f airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE The driver for Cisco Aironet 4500 and 4800 series cards (airo.c), implements AIROOLDIOCTL/SIOCDEVPRIVATE in airo_ioctl(). The ioctl handler copies an aironet_ioctl struct from userspace, which includes a command. Some of the commands are handled in readrids(), where the user controlled command is converted into a driver-internal value called "ridcode". There are two command values, AIROGWEPKTMP and AIROGWEPKNV, which correspond to ridcode values of RID_WEP_TEMP and RID_WEP_PERM respectively. These commands both have checks that the user has CAP_NET_ADMIN, with the comment that "Only super-user can read WEP keys", otherwise they return -EPERM. However there is another command value, AIRORRID, that lets the user specify the ridcode value directly, with no other checks. This means the user can bypass the CAP_NET_ADMIN check on AIROGWEPKTMP and AIROGWEPKNV. Fix it by moving the CAP_NET_ADMIN check out of the command handling and instead do it later based on the ridcode. That way regardless of whether the ridcode is set via AIROGWEPKTMP or AIROGWEPKNV, or passed in using AIRORID, we always do the CAP_NET_ADMIN check. Found by Ilja by code inspection, not tested as I don't have the required hardware. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-01-23 11:01:13 +01:00
arch	RISC-V updates for v5.5-rc7	2020-01-19 12:10:28 -08:00
block	block: fix an integer overflow in logical block size	2020-01-15 21:43:09 -07:00
certs
crypto
Documentation	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-19 12:03:53 -08:00
drivers	airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE	2020-01-23 11:01:13 +01:00
fs	io_uring-5.5-2020-01-16	2020-01-17 11:25:45 -08:00
include	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-19 12:03:53 -08:00
init	mm, debug_pagealloc: don't rely on static keys too early	2020-01-13 18:19:02 -08:00
ipc
kernel	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-19 12:03:53 -08:00
lib	lib/vdso: Make __cvdso_clock_getres() static	2020-01-10 19:29:01 +01:00
LICENSES
mm	mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid	2020-01-13 18:19:02 -08:00
net	net, ip6_tunnel: fix namespaces move	2020-01-22 21:13:40 +01:00
samples	samples/seccomp: Zero out members based on seccomp_notif_sizes	2020-01-02 13:03:39 -08:00
scripts	Kbuild fixes for v5.5 (2nd)	2020-01-03 11:21:25 -08:00
security	+ Bug fixes	2020-01-04 19:28:30 -08:00
sound	sound fixes for 5.5-rc7	2020-01-17 08:38:35 -08:00
tools	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-19 12:03:53 -08:00
usr	gen_initramfs_list.sh: fix 'bad variable name' error	2020-01-04 00:00:48 +09:00
virt	PPC KVM fix for 5.5	2019-12-22 13:18:15 +01:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap	MAINTAINERS: update my email address	2020-01-11 14:33:39 -08:00
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS	MAINTAINERS: Make Russell King designated reviewer of phylib	2020-01-23 08:25:53 +01:00
Makefile	Linux 5.5-rc6	2020-01-12 16:55:08 -08:00
README

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.