Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>:
On Sun, 16 Apr 2023 16:14:04 +0800 you wrote:
> Previously, capability was checked using capable(), which verified that the
> caller of the ioctl system call had the required capability. In addition,
> the result of the check would be stored in the HCI_SOCK_TRUSTED flag,
> making it persistent for the socket.
>
> However, malicious programs can abuse this approach by deliberately sharing
> an HCI socket with a privileged task. The HCI socket will be marked as
> trusted when the privileged task occasionally makes an ioctl call.
>
> [...]
Here is the summary with links:
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
https://git.kernel.org/bluetooth/bluetooth-next/c/313016d28888
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
