On Sun, 2016-05-15 at 11:13 +0200, Arend van Spriel wrote:
> Since commit 5ed071ec9992 ("nl80211: Allow privileged operations
> from user namespaces") the definition GENL_UNS_ADMIN_PERM is used
> by nl80211.c. Add definition if not defined by target kernel.
NACK, this patch is really bad and breaks all security properties since
older kernels will not know anything about the flag 0x10, they will
assume that no permission checks are required.
The only sane thing to do is to
#define GENL_UNS_ADMIN_PERM GENL_ADMIN_PERM
and not get the user-namespace-awareness on kernels that didn't know
about the flag already.
johannes
--
To unsubscribe from this list: send the line "unsubscribe backports" in
