The patch titled
     sysctl: permission check based on capability not euid
has been added to the -mm tree.  Its filename is
     sysctl-permission-check-based-on-capability-not-euid.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/

------------------------------------------------------
Subject: sysctl: permission check based on capability not euid
From: Stephen Hemminger <stephen.hemminger@xxxxxxxxxx>

Modify the permission checks for sysctls from being based on uid=0 (root)
to use the capability system.  This matches the behavior of other OSes
using sysctls and capabilities.  Linux has tried to get away from using
uid=0 for security overrides and use capabilities instead.

I was working on a Quagga enhancement that involved enabling a sysctl, and
it didn't work because it is a safe daemon and drops privileges and resets
its real/effective uid after initialization; it then re-enables only the
capabilities when it needs to do some privileged operation.  This wouldn't
work because sysctls were still using the root-based permission check.  The
existing code in quagga to enable ip forwarding doesn't work for the same
reason.

Signed-off-by: Stephen Hemminger <shemminger@xxxxxxxxxx>
Cc: Andrew Morgan <morgan@xxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Cc: Pavel Emelyanov <xemul@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- include/linux/capability.h | 1 + kernel/sysctl.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff -puN include/linux/capability.h~sysctl-permission-check-based-on-capability-not-euid include/linux/capability.h --- a/include/linux/capability.h~sysctl-permission-check-based-on-capability-not-euid +++ a/include/linux/capability.h @@ -274,6 +274,7 @@ typedef struct kernel_cap_struct { arbitrary SCSI commands */ /* Allow setting encryption key on loopback filesystem */ /* Allow setting zone reclaim policy */ +/* Allow setting any sysctl value */ #define CAP_SYS_ADMIN 21 diff -puN kernel/sysctl.c~sysctl-permission-check-based-on-capability-not-euid kernel/sysctl.c --- a/kernel/sysctl.c~sysctl-permission-check-based-on-capability-not-euid +++ a/kernel/sysctl.c @@ -1565,7 +1565,7 @@ out: static int test_perm(int mode, int op) { - if (!current->euid) + if (capable(CAP_SYS_ADMIN)) mode >>= 6; else if (in_egroup_p(0)) mode >>= 3; _ Patches currently in -mm which might be from stephen.hemminger@xxxxxxxxxx are sysctl-permission-check-based-on-capability-not-euid.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
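Review bot: the new comment in include/linux/capability.h, `/* Allow setting any sysctl value */`, overstates what the accompanying sysctl.c change grants: capable(CAP_SYS_ADMIN) only selects the owner triplet of the entry's permission bits (`mode >>= 6`) and does not bypass the per-entry mode, so an entry registered read-only remains read-only for a capable task. Suggest wording it like the neighbouring entries, e.g. `/* Allow owner-level access to sysctl entries */`, so readers of capability.h do not assume the capability overrides the table's mode.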
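Review bot: in test_perm() the uid-0 test is replaced by `if (capable(CAP_SYS_ADMIN))`, but the fallback on the next line, `else if (in_egroup_p(0))`, is still identity-based, so the check is only half converted: a task with euid 0 that has dropped CAP_SYS_ADMIN now gets the group bits instead of the owner bits, a behaviour change for existing root-but-capability-restricted processes that the changelog does not mention. Either convert the fallback as well or state the new semantics in the changelog. Two smaller points on the same hunk: capable() is now evaluated on every call of test_perm(), reads included, not only when the uid check would have matched; and the motivating case in the changelog (Quagga enabling ip forwarding) concerns entries under net/, where CAP_NET_ADMIN is the conventional capability, so hard-wiring CAP_SYS_ADMIN for every table forces a network daemon to retain the broadest capability. Consider letting the table (or caller) supply the capability to check instead.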
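The scenario in the changelog (a daemon that has dropped uid 0 but kept CAP_SYS_ADMIN in its effective set) as an added user-space model of the two variants of test_perm(). This is example code written for this page; it is not the kernel's code, not part of the patch and not Quagga's. The two decision lines mirror the hunk; the MAY_* values, the final op-versus-mode comparison and the task fields are assumptions modelled on the kernel's conventions, and supplementary groups are ignored.

```c
/* Added example, not kernel or Quagga code: a user-space model of
 * test_perm() before and after the patch, so the effect on a
 * privilege-dropping daemon can be seen without booting a kernel.
 * MAY_* values, the closing comparison and struct task are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MAY_EXEC  1
#define MAY_WRITE 2
#define MAY_READ  4

#define CAP_SYS_ADMIN 21

/* Minimal stand-in for the parts of a task the check looks at. */
struct task {
    unsigned euid;                    /* effective uid */
    unsigned egid;                    /* effective gid, for the group-0 fallback */
    unsigned long long cap_effective; /* bitmask of effective capabilities */
};

static bool capable(const struct task *t, int cap)
{
    return (t->cap_effective >> cap) & 1ULL;
}

static bool in_egroup_p(const struct task *t, unsigned gid)
{
    return t->egid == gid;            /* supplementary groups ignored here */
}

/* Shared tail: after the owner/group shift, every bit requested by op
 * must be present in the selected triplet (assumed kernel convention). */
static int finish(int mode, int op)
{
    if ((op & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
        return 0;
    return -EACCES;
}

/* Before the patch: euid 0 selects the owner bits. */
int test_perm_euid(const struct task *t, int mode, int op)
{
    if (!t->euid)
        mode >>= 6;
    else if (in_egroup_p(t, 0))
        mode >>= 3;
    return finish(mode, op);
}

/* After the patch: CAP_SYS_ADMIN selects the owner bits; the group
 * fallback is unchanged and still keyed on gid 0. */
int test_perm_cap(const struct task *t, int mode, int op)
{
    if (capable(t, CAP_SYS_ADMIN))
        mode >>= 6;
    else if (in_egroup_p(t, 0))
        mode >>= 3;
    return finish(mode, op);
}

/* Constructed tasks for the two interesting cases. */
static const struct task quagga = {       /* dropped to an unprivileged account,
                                             CAP_SYS_ADMIN retained */
    .euid = 1000, .egid = 1000, .cap_effective = 1ULL << CAP_SYS_ADMIN };
static const struct task capless_root = { /* euid 0, all capabilities dropped */
    .euid = 0, .egid = 0, .cap_effective = 0 };

int main(void)
{
    int rw_entry = 0644;   /* e.g. a writable entry such as ip_forward */
    int ro_entry = 0444;   /* a read-only entry */

    printf("quagga write 0644: before=%d after=%d\n",
           test_perm_euid(&quagga, rw_entry, MAY_WRITE),
           test_perm_cap(&quagga, rw_entry, MAY_WRITE));
    printf("quagga write 0444: after=%d (mode still applies)\n",
           test_perm_cap(&quagga, ro_entry, MAY_WRITE));
    printf("capless root write 0644: before=%d after=%d\n",
           test_perm_euid(&capless_root, rw_entry, MAY_WRITE),
           test_perm_cap(&capless_root, rw_entry, MAY_WRITE));
    return 0;
}
```

The first line of output is the changelog's bug and its fix: the daemon's write is refused by the euid check and accepted by the capability check. The second shows that the capability only selects the owner bits, not a bypass of the entry's mode. The third shows the side effect of the half-converted check: a euid-0 task without CAP_SYS_ADMIN, which the old code let through, now falls to the gid-0 fallback and gets only the group bits.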