linux-stable-rt/net/ipv4/netfilter
Björn Steinbrink 82fac0542e [NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer
The 32bit compatibility layer has no CAP_NET_ADMIN check in
compat_do_ipt_get_ctl, which for example allows listing the current
iptables rules even without having that capability (the non-compat
version requires it). Other capabilities might be required to exploit
the bug (e.g. CAP_NET_RAW to get the nfnetlink socket?), so a plain user
can't exploit it, but a setup actually using the posix capability system
might very well hit such a constellation of granted capabilities.

Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-20 00:21:10 -07:00
Kconfig
Makefile
arp_tables.c
arpt_mangle.c
arptable_filter.c
ip_conntrack_amanda.c
ip_conntrack_core.c
ip_conntrack_ftp.c
ip_conntrack_helper_h323.c
ip_conntrack_helper_h323_asn1.c
ip_conntrack_helper_h323_types.c
ip_conntrack_helper_pptp.c
ip_conntrack_irc.c
ip_conntrack_netbios_ns.c
ip_conntrack_netlink.c [NETFILTER]: ctnetlink: Remove debugging messages 2006-10-15 23:14:11 -07:00
ip_conntrack_proto_generic.c
ip_conntrack_proto_gre.c
ip_conntrack_proto_icmp.c
ip_conntrack_proto_sctp.c
ip_conntrack_proto_tcp.c
ip_conntrack_proto_udp.c
ip_conntrack_sip.c
ip_conntrack_standalone.c
ip_conntrack_tftp.c
ip_nat_amanda.c
ip_nat_core.c
ip_nat_ftp.c
ip_nat_helper.c
ip_nat_helper_h323.c
ip_nat_helper_pptp.c
ip_nat_irc.c
ip_nat_proto_gre.c
ip_nat_proto_icmp.c
ip_nat_proto_tcp.c
ip_nat_proto_udp.c
ip_nat_proto_unknown.c
ip_nat_rule.c
ip_nat_sip.c
ip_nat_snmp_basic.c
ip_nat_standalone.c
ip_nat_tftp.c
ip_queue.c
ip_tables.c [NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer 2006-10-20 00:21:10 -07:00
ipt_CLUSTERIP.c
ipt_ECN.c
ipt_LOG.c
ipt_MASQUERADE.c
ipt_NETMAP.c
ipt_REDIRECT.c
ipt_REJECT.c
ipt_SAME.c
ipt_TCPMSS.c
ipt_TOS.c
ipt_TTL.c
ipt_ULOG.c
ipt_addrtype.c
ipt_ah.c
ipt_ecn.c
ipt_hashlimit.c
ipt_iprange.c
ipt_owner.c
ipt_recent.c
ipt_tos.c
ipt_ttl.c
iptable_filter.c
iptable_mangle.c
iptable_raw.c
nf_conntrack_l3proto_ipv4.c
nf_conntrack_proto_icmp.c