Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
kernel-fxtec-pro1x/drivers
History
Eric Paris a8f80e8ff9 Networking: use CAP_NET_ADMIN when deciding to call request_module 
The networking code checks CAP_SYS_MODULE before using request_module() to
try to load a kernel module.  While this seems reasonable it's actually
weakening system security since we have to allow CAP_SYS_MODULE for things
like /sbin/ip and bluetoothd which need to be able to trigger module loads.
CAP_SYS_MODULE actually grants those binaries the ability to directly load
any code into the kernel.  We should instead be protecting modprobe and the
modules on disk, rather than granting random programs the ability to load code
directly into the kernel.  Instead we are going to gate those networking checks
on CAP_NET_ADMIN which still limits them to root but which does not grant
those processes the ability to load arbitrary code into the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: James Morris <jmorris@namei.org>
2009-08-14 11:18:34 +10:00
..
accessibility
acpi Merge branch 'misc-2.6.31' into release 2009-08-02 12:55:51 -04:00
amba [ARM] amba: fix amba device resources 2009-07-05 22:39:08 +01:00
ata libata: accept late unlocking of HPA 2009-07-28 21:07:09 -04:00
atm
auxdisplay
base driver core: sysdev: do not send KOBJ_ADD uevent if kobject_init_and_add fails 2009-07-28 13:45:22 -07:00
block mg_disk: Add missing ready status check on mg_write() 2009-07-28 08:57:33 +02:00
bluetooth headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
cdrom
char pty: fix data loss when stopped (^S/^Q) 2009-08-10 13:31:18 -07:00
clocksource clocksource: sh_tmu: Make undefined TCOR behaviour less undefined. 2009-06-24 21:08:11 +09:00
connector connector: maintainer/mail update. 2009-07-21 12:43:51 -07:00
cpufreq [CPUFREQ] Make cpufreq suspend code conditional on powerpc. 2009-08-04 14:32:11 -04:00
cpuidle
crypto crypto: padlock-aes - work around Nano CPU errata in CBC mode 2009-06-18 19:31:09 +08:00
dca
dio
dma Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2009-07-30 16:46:31 -07:00
edac amd64_edac: print debug statements only on error 2009-08-04 12:10:06 +02:00
eisa
firewire Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2009-07-06 14:03:44 -07:00
firmware
gpio headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
gpu drm/i915: silence vblank warnings 2009-08-09 12:25:29 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2009-07-22 09:30:07 -07:00
hwmon hwmon: (asus_atk0110) Fix upper limit readings 2009-07-28 16:31:39 +02:00
i2c i2c-omap: OMAP3430 Silicon Errata 1.153 2009-07-30 01:03:24 +01:00
ide ide-tape: Don't leak kernel stack information 2009-07-21 20:36:25 -07:00
idle
ieee1394 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2009-07-06 14:03:44 -07:00
ieee802154
infiniband Merge branches 'ehca', 'misc', 'mlx4', 'mthca' and 'nes' into for-linus 2009-06-23 10:38:47 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2009-08-07 10:42:14 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-08-04 15:38:34 -07:00
leds Update Yoichi Yuasa's e-mail address 2009-07-03 15:45:29 +01:00
lguest lguest and virtio: cleanup struct definitions to Linux style. 2009-07-30 16:03:46 +09:30
macintosh powerpc/pmac: Fix DMA ops for MacIO devices 2009-06-26 14:37:25 +10:00
mca
md md: Use revalidate_disk to effect changes in size of device. 2009-08-03 10:59:58 +10:00
media V4L/DVB (12303): cx23885: check pointers before dereferencing in dprintk macro 2009-07-24 14:03:32 -03:00
memstick
message fusion: mptsas, fix lock imbalance 2009-06-22 08:54:14 -05:00
mfd mfd: twl4030 irq fixes 2009-08-04 20:31:32 +02:00
misc cb710: use SG_MITER_TO_SG/SG_MITER_FROM_SG 2009-07-31 12:28:46 +02:00
mmc drivers/mmc: correct error-handling code 2009-08-07 10:39:56 -07:00
mtd Merge branch 'for-linus' of git://git.infradead.org/ubi-2.6 2009-08-09 14:58:34 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-08-04 15:38:34 -07:00
nubus
of of/mdio: Add support function for Ethernet fixed-link property 2009-07-22 09:27:18 -07:00
oprofile oprofile: reset bt_lost_no_mapping with other stats 2009-07-10 12:35:36 +02:00
parisc parisc: hppb.c - fix printk format strings 2009-08-02 15:42:39 +02:00
parport parport/serial: add support for NetMos 9901 Multi-IO card 2009-06-30 18:55:59 -07:00
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2009-08-10 11:00:37 -07:00
pcmcia Remove multiple KERN_ prefixes from printk formats 2009-07-08 10:30:03 -07:00
platform Merge branch 'bugzilla-13825' into release 2009-08-02 12:36:01 -04:00
pnp Merge branches 'acerhdf', 'acpi-pci-bind', 'bjorn-pci-root', 'bugzilla-12904', 'bugzilla-13121', 'bugzilla-13396', 'bugzilla-13533', 'bugzilla-13612', 'c3_lock', 'hid-cleanups', 'misc-2.6.31', 'pdc-leak-fix', 'pnpacpi', 'power_nocheck', 'thinkpad_acpi', 'video' and 'wmi' into release 2009-06-24 01:19:50 -04:00
power Merge git://git.infradead.org/users/cbou/battery-2.6.31 2009-07-30 16:45:53 -07:00
pps LinuxPPS: core support 2009-06-18 13:04:04 -07:00
ps3
rapidio
regulator
rtc rtc: mark if rtc-cmos drivers were successfully registered 2009-07-29 19:10:35 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2009-08-04 15:38:10 -07:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-08-04 15:38:34 -07:00
serial Merge master.kernel.org:/home/rmk/linux-2.6-arm 2009-08-07 10:46:51 -07:00
sh
sn
spi spi: omap2_mcspi rxdma bugfix 2009-07-29 19:10:35 -07:00
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-09 20:33:18 -07:00
staging Networking: use CAP_NET_ADMIN when deciding to call request_module 2009-08-14 11:18:34 +10:00
tc
telephony headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
thermal
uio
usb USB: fix oops on disconnect in cdc-acm 2009-08-07 16:05:14 -07:00
uwb
video i.MX31: fix framebuffer locking regressions 2009-08-07 10:39:56 -07:00
virtio virtio: refactor find_vqs 2009-07-30 16:03:45 +09:30
vlynq vlynq: fix typo in Kconfig to enable debugging 2009-07-06 13:57:03 -07:00
w1 drivers/w1/masters/omap_hdq.c: fix missing mutex unlock 2009-08-07 10:39:55 -07:00
watchdog Merge master.kernel.org:/home/rmk/linux-2.6-arm 2009-08-07 10:46:51 -07:00
xen xen: Use kcalloc() in xen_init_IRQ() 2009-07-01 11:19:47 +02:00
zorro
Kconfig LinuxPPS: core support 2009-06-18 13:04:04 -07:00
Makefile LinuxPPS: core support 2009-06-18 13:04:04 -07:00