Just a few suser() to capable(CAP_SYS_TTY_CONFIG) changes in char driver.
We should get rid of all those susers/fsusers. Capabilities are very
cool :)
Greetings,
Bosko
---- patch begin ----
diff -urN linux-2.4.16-vanilla/drivers/char/tty_io.c linux-2.4.16/drivers/char/tty_io.c
--- linux-2.4.16-vanilla/drivers/char/tty_io.c Sat Nov 3 02:26:17 2001
+++ linux-2.4.16/drivers/char/tty_io.c Fri Jan 11 06:24:16 2002
@@ -1377,7 +1377,7 @@
retval = -ENODEV;
filp->f_flags = saved_flags;
- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
retval = -EBUSY;
if (retval) {
@@ -1479,7 +1479,7 @@
{
char ch, mbz = 0;
- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
@@ -1517,7 +1517,7 @@
{
if (inode->i_rdev == SYSCONS_DEV ||
inode->i_rdev == CONSOLE_DEV) {
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
redirect = NULL;
return 0;
@@ -1559,7 +1559,7 @@
* This tty is already the controlling
* tty for another session group!
*/
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_TTY_CONFIG)) {
/*
* Steal it away
*/
diff -urN linux-2.4.16-vanilla/drivers/char/vt.c linux-2.4.16/drivers/char/vt.c
--- linux-2.4.16-vanilla/drivers/char/vt.c Fri Nov 16 19:08:28 2001
+++ linux-2.4.16/drivers/char/vt.c Fri Jan 11 06:25:36 2002
@@ -440,10 +440,11 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or to have CAP_SYS_TTY_CONFIG
+ * capability.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
perm = 1;
kbd = kbd_table + console;
@@ -1038,12 +1039,12 @@
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 0;
return 0;
---- patch end ----
> * This tty is already the controlling
> * tty for another session group!
> */
> - if ((arg == 1) && suser()) {
> + if ((arg == 1) && capable(CAP_SYS_TTY_CONFIG)) {
> /*
> * Steal it away
> */
You can't allow stealing of the controlling tty as TTY_CONFIG, it gives you
direct access to fake input on that console so really wants to be rather
higher.
On Fri, 11 Jan 2002, Alan Cox wrote:
> You can't allow stealing of the controlling tty as TTY_CONFIG, it gives you
> direct access to fake input on that console so really wants to be rather
> higher.
I was in doubt about this. Maybe CAP_SYS_ADMIN is better?
Greetings
> I was in doubt about this. Maybe CAP_SYS_ADMIN is better?
Think so - thats what suser() itself did so it cant be worse 8)
On Fri, 11 Jan 2002, Alan Cox wrote:
> Think so - thats what suser() itself did so it cant be worse 8)
Maybe we need more capabilities for finer grained privileges...
CAP_SYS_ADMIN is too powerful :)
So, again, the patch. Patch is made against 2.4.16.
diff -urN linux-2.4.16-vanilla/drivers/char/tty_io.c linux-2.4.16/drivers/char/tty_io.c
--- linux-2.4.16-vanilla/drivers/char/tty_io.c Sat Nov 3 02:26:17 2001
+++ linux-2.4.16/drivers/char/tty_io.c Fri Jan 11 06:24:16 2002
@@ -1377,7 +1377,7 @@
retval = -ENODEV;
filp->f_flags = saved_flags;
- if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
+ if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_TTY_CONFIG))
retval = -EBUSY;
if (retval) {
@@ -1479,7 +1479,7 @@
{
char ch, mbz = 0;
- if ((current->tty != tty) && !suser())
+ if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
@@ -1517,7 +1517,7 @@
{
if (inode->i_rdev == SYSCONS_DEV ||
inode->i_rdev == CONSOLE_DEV) {
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
redirect = NULL;
return 0;
@@ -1559,7 +1559,7 @@
* This tty is already the controlling
* tty for another session group!
*/
- if ((arg == 1) && suser()) {
+ if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
/*
* Steal it away
*/
diff -urN linux-2.4.16-vanilla/drivers/char/vt.c linux-2.4.16/drivers/char/vt.c
--- linux-2.4.16-vanilla/drivers/char/vt.c Fri Nov 16 19:08:28 2001
+++ linux-2.4.16/drivers/char/vt.c Fri Jan 11 06:25:36 2002
@@ -440,10 +440,11 @@
/*
* To have permissions to do most of the vt ioctls, we either have
- * to be the owner of the tty, or super-user.
+ * to be the owner of the tty, or to have CAP_SYS_TTY_CONFIG
+ * capability.
*/
perm = 0;
- if (current->tty == tty || suser())
+ if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
perm = 1;
kbd = kbd_table + console;
@@ -1038,12 +1039,12 @@
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
- if (!suser())
+ if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 0;
return 0;