On 16-5-2016 21:27, Johannes Berg wrote:
> On Sun, 2016-05-15 at 11:13 +0200, Arend van Spriel wrote:
>> Since commit 5ed071ec9992 ("nl80211: Allow privileged operations
>> from user namespaces") the definition GENL_UNS_ADMIN_PERM is used
>> by nl80211.c. Add definition if not defined by target kernel.
>
> NACK, this patch is really bad and breaks all security properties since
> older kernels will not know anything about the flag 0x10, they will
> assume that no permission checks are required.
Obviously been cutting to many corners here.
> The only sane thing to do is to
> #define GENL_UNS_ADMIN_PERM GENL_ADMIN_PERM
>
> and not get the user-namespace-awareness on kernels that didn't know
> about the flag already.
Will send a v2 using your suggestion.
Regards,
Arend
--
To unsubscribe from this list: send the line "unsubscribe backports" in
