acrn-kernel/net
Eric Paris a8f80e8ff9 Networking: use CAP_NET_ADMIN when deciding to call request_module
The networking code checks CAP_SYS_MODULE before using request_module() to
try to load a kernel module.  While this seems reasonable it's actually
weakening system security since we have to allow CAP_SYS_MODULE for things
like /sbin/ip and bluetoothd which need to be able to trigger module loads.
CAP_SYS_MODULE actually grants those binaries the ability to directly load
any code into the kernel.  We should instead be protecting modprobe and the
modules on disk, rather than granting random programs the ability to load code
directly into the kernel.  Instead we are going to gate those networking checks
on CAP_NET_ADMIN which still limits them to root but which does not grant
those processes the ability to load arbitrary code into the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: James Morris <jmorris@namei.org>
2009-08-14 11:18:34 +10:00
..
9p 9p: Possible regression in p9_client_stat 2009-07-14 15:54:41 -05:00
802
8021q
appletalk headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
atm net: adding memory barrier to the poll and receive callbacks 2009-07-09 17:06:57 -07:00
ax25 net: Move rx skb_orphan call to where needed 2009-06-23 16:36:25 -07:00
bluetooth bluetooth: rfcomm_init bug fix 2009-08-03 13:24:39 -07:00
bridge net/bridge: use kobject_put to release kobject in br_add_if error path 2009-07-26 19:20:51 -07:00
can net/can: add module alias to can protocol drivers 2009-07-15 11:20:38 -07:00
core Networking: use CAP_NET_ADMIN when deciding to call request_module 2009-08-14 11:18:34 +10:00
dcb
dccp net-dccp: suppress warning about large allocations from DCCP 2009-07-29 19:10:36 -07:00
decnet decnet: Use rcu_barrier() on module unload. 2009-06-26 13:51:27 -07:00
dsa dsa: fix 88e6xxx statistics counter snapshotting 2009-07-05 18:03:35 -07:00
econet
ethernet
ieee802154 nl802154: add module license and description 2009-06-29 18:20:28 +04:00
ipv4 Networking: use CAP_NET_ADMIN when deciding to call request_module 2009-08-14 11:18:34 +10:00
ipv6 tcp: Use correct peer adr when copying MD5 keys 2009-07-20 07:49:08 -07:00
ipx headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-27 13:42:47 -07:00
iucv net: adding memory barrier to the poll and receive callbacks 2009-07-09 17:06:57 -07:00
key net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
lapb
llc net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
mac80211 mac80211: fix suspend 2009-07-29 14:52:01 -04:00
netfilter netfilter: nf_conntrack: nf_conntrack_alloc() fixes 2009-07-16 14:03:40 +02:00
netlabel net/netlabel: Add kmalloc NULL tests 2009-07-30 10:58:28 -07:00
netlink net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
netrom net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
packet net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
phonet Phonet: generate Netlink RTM_DELADDR when destroying a device 2009-06-25 02:58:16 -07:00
rds
rfkill rfkill: fix rfkill_set_states() to set the hw state 2009-07-21 12:07:38 -04:00
rose NET: ROSE: Don't use static buffer. 2009-07-26 19:11:14 -07:00
rxrpc net: adding memory barrier to the poll and receive callbacks 2009-07-09 17:06:57 -07:00
sched net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
sctp sctp: fix warning at inet_sock_destruct() while release sctp socket 2009-07-06 12:47:08 -07:00
sunrpc headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
tipc
unix net: adding memory barrier to the poll and receive callbacks 2009-07-09 17:06:57 -07:00
wanrouter headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
wimax
wireless cfg80211: fix regression on beacon world roaming feature 2009-08-03 16:31:21 -04:00
x25 headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
xfrm xfrm: use xfrm_addr_cmp() instead of compare addresses directly 2009-06-29 19:41:46 -07:00
Kconfig
Makefile
TUNABLE
compat.c
nonet.c
socket.c
sysctl_net.c