| From foo@baz Tue 01 Oct 2019 04:06:17 PM CEST |
| From: Ori Nimron <orinimron123@gmail.com> |
| Date: Fri, 20 Sep 2019 09:35:48 +0200 |
| Subject: ieee802154: enforce CAP_NET_RAW for raw sockets |
| |
| From: Ori Nimron <orinimron123@gmail.com> |
| |
| [ Upstream commit e69dbd4619e7674c1679cba49afd9dd9ac347eef ] |
| |
| When creating a raw AF_IEEE802154 socket, CAP_NET_RAW needs to be |
| checked first. |
| |
| Signed-off-by: Ori Nimron <orinimron123@gmail.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Acked-by: Stefan Schmidt <stefan@datenfreihafen.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ieee802154/socket.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- a/net/ieee802154/socket.c |
| +++ b/net/ieee802154/socket.c |
| @@ -1003,6 +1003,9 @@ static int ieee802154_create(struct net |
| |
| switch (sock->type) { |
| case SOCK_RAW: |
| + rc = -EPERM; |
| + if (!capable(CAP_NET_RAW)) |
| + goto out; |
| proto = &ieee802154_raw_prot; |
| ops = &ieee802154_raw_ops; |
| break; |
