net: Update the sysctl permissions handler to test effective uid/gid

ebiederm · torvalds · commit 2433c8f094a0 · 2013-10-06T13:50:14.000-07:00
Modify the code to use current_euid(), and in_egroup_p, as in done
in fs/proc/proc_sysctl.c:test_perm()

Cc: stable@vger.kernel.org
Reviewed-by: Eric Sandeen &lt;sandeen@redhat.com&gt;
Reported-by: Eric Sandeen &lt;sandeen@redhat.com&gt;
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
@@ -47,12 +47,12 @@ static int net_ctl_permissions(struct ctl_table_header *head,
 
 	/* Allow network administrator to have same access as root. */
 	if (ns_capable(net->user_ns, CAP_NET_ADMIN) ||
-	    uid_eq(root_uid, current_uid())) {
+	    uid_eq(root_uid, current_euid())) {
 		int mode = (table->mode >> 6) & 7;
 		return (mode << 6) | (mode << 3) | mode;
 	}
 	/* Allow netns root group to have the same access as the root group */
-	if (gid_eq(root_gid, current_gid())) {
+	if (in_egroup_p(root_gid)) {
 		int mode = (table->mode >> 3) & 7;
 		return (mode << 3) | mode;
 	}

Original file line number	Diff line number	Diff line change
`@@ -47,12 +47,12 @@ static int net_ctl_permissions(struct ctl_table_header *head,`
`47`	`47`
`48`	`48`	`/* Allow network administrator to have same access as root. */`
`49`	`49`	`if (ns_capable(net->user_ns, CAP_NET_ADMIN) \|\|`
`50`		`- uid_eq(root_uid, current_uid())) {`
	`50`	`+ uid_eq(root_uid, current_euid())) {`
`51`	`51`	`int mode = (table->mode >> 6) & 7;`
`52`	`52`	`return (mode << 6) \| (mode << 3) \| mode;`
`53`	`53`	`}`
`54`	`54`	`/* Allow netns root group to have the same access as the root group */`
`55`		`- if (gid_eq(root_gid, current_gid())) {`
	`55`	`+ if (in_egroup_p(root_gid)) {`
`56`	`56`	`int mode = (table->mode >> 3) & 7;`
`57`	`57`	`return (mode << 3) \| mode;`
`58`	`58`	`}`