Commit d4403fa4 authored by Ori Nimron, committed by Khalid Elmously

ieee802154: enforce CAP_NET_RAW for raw sockets

When creating a raw AF_IEEE802154 socket, CAP_NET_RAW needs to be
checked first.

Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

CVE-2019-17053

(cherry picked from commit e69dbd46)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
parent fe550fe5
...@@ -999,6 +999,9 @@ static int ieee802154_create(struct net *net, struct socket *sock, ...@@ -999,6 +999,9 @@ static int ieee802154_create(struct net *net, struct socket *sock,
switch (sock->type) { switch (sock->type) {
case SOCK_RAW: case SOCK_RAW:
rc = -EPERM;
if (!capable(CAP_NET_RAW))
goto out;
proto = &ieee802154_raw_prot; proto = &ieee802154_raw_prot;
ops = &ieee802154_raw_ops; ops = &ieee802154_raw_ops;
break; break;
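Review bot: In the `case SOCK_RAW:` branch, `capable(CAP_NET_RAW)` tests the capability against the initial user namespace, although `ieee802154_create()` already receives `struct net *net`. If raw AF_IEEE802154 sockets are meant to be usable by a task that holds CAP_NET_RAW only in the user namespace owning this network namespace, the check would be `ns_capable(net->user_ns, CAP_NET_RAW)`; if the stricter init-namespace check is deliberate, the commit message should say so, since it currently states only that the capability "needs to be checked first". The `out` label is outside the visible context, so it is also worth confirming that the `goto out` path returns `rc` (-EPERM here) unchanged and leaves `sock` untouched.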