Re: [PATCH] suser to capable changes in char driver

Bosko Radivojevic (bole@falcon.etf.bg.ac.yu)
Fri, 11 Jan 2002 15:30:36 +0100 (CET)


On Fri, 11 Jan 2002, Alan Cox wrote:

> Think so - that's what suser() itself did so it can't be worse 8)

Maybe we need more capabilities for finer grained privileges...
CAP_SYS_ADMIN is too powerful :)

So, again, the patch. Patch is made against 2.4.16.

diff -urN linux-2.4.16-vanilla/drivers/char/tty_io.c linux-2.4.16/drivers/char/tty_io.c
--- linux-2.4.16-vanilla/drivers/char/tty_io.c Sat Nov 3 02:26:17 2001
+++ linux-2.4.16/drivers/char/tty_io.c Fri Jan 11 06:24:16 2002
@@ -1377,7 +1377,7 @@
retval = -ENODEV;
filp->f_flags = saved_flags;

- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
retval = -EBUSY;

if (retval) {
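
Review bot: The `TTY_EXCLUSIVE` test on the changed line is an access override rather than a configuration operation: with this change a task holding CAP_SYS_TTY_CONFIG is no longer refused with -EBUSY when it opens a tty that has been marked exclusive. The last tty_io.c hunk keeps CAP_SYS_ADMIN for taking a tty away from another session group, and the same reasoning looks applicable here. Either use CAP_SYS_ADMIN at this site or say in the changelog why the narrower capability is sufficient.
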
@@ -1479,7 +1479,7 @@
{
char ch, mbz = 0;

- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
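
Review bot: The capability on the `current->tty != tty` line is only consulted when the caller is acting on a terminal that is not its own controlling tty, and the following `get_user(ch, arg)` takes a character from user space for that operation. That lets a CAP_SYS_TTY_CONFIG holder reach other users' terminals, which is more than the capability name suggests. Suggest CAP_SYS_ADMIN here, or a comment above the check explaining why tty configuration privilege should cover it.
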
@@ -1517,7 +1517,7 @@
{
if (inode->i_rdev == SYSCONS_DEV ||
inode->i_rdev == CONSOLE_DEV) {
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
redirect = NULL;
return 0;
@@ -1559,7 +1559,7 @@
* This tty is already the controlling
* tty for another session group!
*/
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
/*
* Steal it away
*/
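
Review bot: `capable(CAP_SYS_ADMIN)` on the steal check is the only conversion in this patch that does not use CAP_SYS_TTY_CONFIG, and neither the hunk nor the existing comment says why. Add a sentence to the comment above the test stating that taking a controlling tty from another session group is deliberately held to the broader capability, so a later cleanup does not change it to match the other sites.
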
diff -urN linux-2.4.16-vanilla/drivers/char/vt.c linux-2.4.16/drivers/char/vt.c
--- linux-2.4.16-vanilla/drivers/char/vt.c Fri Nov 16 19:08:28 2001
+++ linux-2.4.16/drivers/char/vt.c Fri Jan 11 06:25:36 2002
@@ -440,10 +440,11 @@

/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or to have CAP_SYS_TTY_CONFIG
+ * capability.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
perm = 1;

kbd = kbd_table + console;
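
Review bot: The rewritten comment reads "to have CAP_SYS_TTY_CONFIG capability." with the last word alone on its own line; "or to hold the CAP_SYS_TTY_CONFIG capability" is better grammar, and rewrapping the sentence avoids the one-word line. It would also help to note in the same comment that `perm` is computed once here and handed to the individual ioctl helpers, since that is what makes this single line the policy decision for most of the file.
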
@@ -1038,12 +1039,12 @@
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);

case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 0;
return 0;
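
Review bot: The `VT_LOCKSWITCH` and `VT_UNLOCKSWITCH` cases test the capability directly instead of using `perm`, so the owner of the tty still gets -EPERM here, unlike the ioctls covered by the comment updated in the previous hunk. That matches the old suser() behaviour, but nothing documents it. A one-line comment above `case VT_LOCKSWITCH:` saying that owning the tty is not enough for these two, because `vt_dont_switch` is set for the whole system rather than one console, would make the stricter check obviously intentional.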
