linux/net at 82fac0542e11c0d3316cc8fdafd2a990d2aab692 - linux - Asai Git

sugar/linux

Files

History

Björn Steinbrink 82fac0542e [NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer

The 32bit compatibility layer has no CAP_NET_ADMIN check in
compat_do_ipt_get_ctl, which for example allows to list the current
iptables rules even without having that capability (the non-compat
version requires it). Other capabilities might be required to exploit
the bug (eg. CAP_NET_RAW to get the nfnetlink socket?), so a plain user
can't exploit it, but a setup actually using the posix capability system
might very well hit such a constellation of granted capabilities.

Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

2006-10-20 00:21:10 -07:00

..

[TR]: endiannness annotations

2006-09-28 17:53:59 -07:00

[PATCH] Finish annotations of struct vlan_ethhdr

2006-10-10 16:15:34 -07:00

[ATALK]: endianness annotations

2006-09-28 17:53:58 -07:00

Remove all inclusions of <linux/config.h>

2006-10-04 03:38:54 -04:00

[NET]: Conversions from kmalloc+memset to k(z|c)alloc.

2006-07-21 14:51:30 -07:00

[Bluetooth] Add locking for bt_proto array manipulation

2006-10-15 23:14:34 -07:00

[BRIDGE]: flush forwarding table when device carrier off

2006-10-15 23:14:13 -07:00

[NETPOLL]: initialize skb for UDP

2006-10-19 23:58:23 -07:00

[NET]: Use typesafe inet_twsk() inline function instead of cast.

2006-10-11 23:59:58 -07:00

[DECNET]: Fix input routing bug

2006-10-18 20:45:22 -07:00

[NET]: Conversions from kmalloc+memset to k(z|c)alloc.

2006-07-21 14:51:30 -07:00

[NET]: Annotate dst_ops protocol

2006-09-28 18:02:58 -07:00

[PATCH] bcm43xx: WE-21 support

2006-09-25 16:52:16 -04:00

[NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer

2006-10-20 00:21:10 -07:00

[IPV6]: Fix route.c warnings when multiple tables are disabled.

2006-10-18 21:20:57 -07:00

[IPX]: Fix typo, ipxhdr() --> ipx_hdr()

2006-08-09 17:36:15 -07:00

[PATCH] strndup() would better take size_t, not int

2006-10-10 15:37:24 -07:00

IPsec: correct semantics for SELinux policy matching

2006-10-11 23:59:37 -07:00

[LAPB]: Fix windowsize check

2006-08-05 21:15:58 -07:00

[LLC]: multicast receive device match

2006-08-13 18:56:26 -07:00

[NETFILTER]: ctnetlink: Remove debugging messages

2006-10-15 23:14:11 -07:00

NetLabel: fix a cache race condition

2006-10-11 23:59:29 -07:00

[GENL]: Provide more information to userspace about registered genl families

2006-09-22 15:18:51 -07:00

[NETROM] lockdep: fix false positive

2006-07-12 13:59:02 -07:00

[NET]: Fix sk->sk_filter field access

2006-09-22 15:18:47 -07:00

[ROSE] lockdep: fix false positive

2006-07-12 13:58:59 -07:00

[PATCH] kmemdup: some users

2006-10-01 00:39:19 -07:00

[PKT_SCHED] sch_htb: use rb_first() cleanup

2006-10-12 01:52:05 -07:00

[IPV6]: Make sure error handling is done when calling ip6_route_output().

2006-10-18 19:55:27 -07:00

[PATCH] knfsd: Allow lockd to drop replies as appropriate

2006-10-17 08:18:46 -07:00

[TIPC]: Updated TIPC version number to 1.6.2

2006-10-18 19:55:24 -07:00

[AF_UNIX]: Change max_dgram_qlen sysctl to __read_mostly

2006-09-22 15:18:42 -07:00

[NET]: Conversions from kmalloc+memset to k(z|c)alloc.

2006-07-21 14:51:30 -07:00

Remove obsolete #include <linux/config.h>

2006-06-30 19:25:36 +02:00

[XFRM]: Fix xfrm_state_num going negative.

2006-10-15 23:14:18 -07:00

compat.c

[NET]: File descriptor loss while receiving SCM_RIGHTS

2006-10-11 23:59:48 -07:00

Kconfig

[NET] Kconfig: fix cut/paste error in TCPPROBE

2006-09-28 17:53:57 -07:00

Makefile

[NetLabel]: core NetLabel subsystem

2006-09-22 14:53:34 -07:00

nonet.c

[PATCH] Make most file operations structs in fs/ const

2006-03-28 09:16:06 -08:00

socket.c

[PATCH] file: modify struct fown_struct to use a struct pid

2006-10-02 07:57:14 -07:00

sysctl_net.c

Remove obsolete #include <linux/config.h>

2006-06-30 19:25:36 +02:00

TUNABLE

…