summaryrefslogtreecommitdiffstats
path: root/crypto/crypto_user.c
diff options
context:
space:
mode:
authorMatthias-Christian Ott <ott@mirix.org>2014-05-08 21:58:12 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2014-05-08 21:58:12 +0800
commitc568398aa05f852592d0e2b1dc893e6c5c14971c (patch)
tree222b91790ea0dee106e90a9fa22839d7e116bc1a /crypto/crypto_user.c
parentda37503d37bb6ae72cca0b4d729c153f04b9f0cc (diff)
downloadlinux-c568398aa05f852592d0e2b1dc893e6c5c14971c.tar.gz
linux-c568398aa05f852592d0e2b1dc893e6c5c14971c.tar.bz2
linux-c568398aa05f852592d0e2b1dc893e6c5c14971c.zip
crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN
CRYPTO_USER requires CAP_NET_ADMIN for all operations. Most information provided by CRYPTO_MSG_GETALG is also accessible through /proc/modules and AF_ALG. CRYPTO_MSG_GETALG should not require CAP_NET_ADMIN so that processes without CAP_NET_ADMIN can use CRYPTO_MSG_GETALG to get cipher details, such as cipher priorities, for AF_ALG. Signed-off-by: Matthias-Christian Ott <ott@mirix.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/crypto_user.c')
-rw-r--r--crypto/crypto_user.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 1512e41cd93d..aa906b8fdd17 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -265,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
LIST_HEAD(list);
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
return -EINVAL;
@@ -295,6 +298,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
struct crypto_alg *alg;
struct crypto_user_alg *p = nlmsg_data(nlh);
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
return -EINVAL;
@@ -379,6 +385,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
struct crypto_user_alg *p = nlmsg_data(nlh);
struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
return -EINVAL;
@@ -466,9 +475,6 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
type -= CRYPTO_MSG_BASE;
link = &crypto_dispatch[type];
- if (!capable(CAP_NET_ADMIN))
- return -EPERM;
-
if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
(nlh->nlmsg_flags & NLM_F_DUMP))) {
struct crypto_alg *alg;