[PATCH] block: move CAP_SYS_ADMIN check in blkdev_roset()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Check for CAP_SYS_ADMIN before calling into the driver, similar to
blkdev_flushbuf().  This is safer and can spare a check in the driver.

(Currently BLKROSET is overridden by md and rbd, rbd is missing the
check.  md has the check, but it covers a lot more than BLKROSET.)

Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
---
Al, this appears to go back to your "[PATCH] block ioctl cleanup",
history commit c6973580141c.  2002 was a long time ago, but still ;)
Was there a reason you made BLKFLSBUF check for CAP_SYS_ADMIN before
->ioctl() and BLKROSET after?
---
 block/ioctl.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/ioctl.c b/block/ioctl.c
index 0de02ee67eed..3f81bc50ac00 100644
--- a/block/ioctl.c
+++ b/block/ioctl.c
@@ -437,11 +437,12 @@ static int blkdev_roset(struct block_device *bdev, fmode_t mode,
 {
 	int ret, n;
 
+	if (!capable(CAP_SYS_ADMIN))
+		return -EACCES;
+
 	ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
 	if (!is_unrecognized_ioctl(ret))
 		return ret;
-	if (!capable(CAP_SYS_ADMIN))
-		return -EACCES;
 	if (get_user(n, (int __user *)arg))
 		return -EFAULT;
 	set_device_ro(bdev, n);
-- 
2.4.3




[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux