Hi folks -
Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
remove_iface really okay, or should it perhaps be 220?
--w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
--w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
-Andy
On Monday 09 July 2007 22:17:35 Andy Green wrote:
> Hi folks -
>
> Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
> remove_iface really okay, or should it perhaps be 220?
>
> --w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
> --w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
IMO the file-permissions are correct, _but_ the following should
be added to _store_remove_iface() and _store_add_iface():
	if (!capable(CAP_NET_ADMIN))
		return -EPERM;
--
Greetings Michael.
On Mon, 2007-07-09 at 22:57 +0200, Michael Buesch wrote:
> On Monday 09 July 2007 22:17:35 Andy Green wrote:
> > Hi folks -
> >
> > Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
> > remove_iface really okay, or should it perhaps be 220?
> >
> > --w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
> > --w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
>
> IMO the file-permissions are correct, _but_ the following should
> be added to _store_remove_iface() and _store_add_iface():
>
> 	if (!capable(CAP_NET_ADMIN))
> 		return -EPERM;
Uh huh, yes, of course. Do you have a patch?
johannes
Michael Buesch wrote:
> On Monday 09 July 2007 22:17:35 Andy Green wrote:
>> Hi folks -
>>
>> Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
>> remove_iface really okay, or should it perhaps be 220?
>>
>> --w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
>> --w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
>
> IMO the file-permissions are correct, _but_ the following should
> be added to _store_remove_iface() and _store_add_iface():
>
> 	if (!capable(CAP_NET_ADMIN))
> 		return -EPERM;
>
Fair enough... one or the other needs doing though because right now you
can delete wlan0 as a mortal user (just tried it... you can't nuke
wmaster0 though) and I guess exhaust the possible max interfaces too. I
made a patch changing the perms to S_IWUSR|S_IWGRP, but your method is
smarter.
-Andy
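
Added example, not part of the thread or of the mac80211 code: a small audit function that lists attribute files under a sysfs class directory whose mode lets any local user write to them, as add_iface and remove_iface do above. The function name audit_world_writable, the ROOT/<device>/<attribute> layout and the use of GNU `stat -c` are assumptions of this sketch. A hit is a candidate for review rather than a confirmed bug, since the store handler may still check capable(CAP_NET_ADMIN) as proposed in the thread.

```shell
#!/bin/sh
# Added example: report attribute files that are writable by "other".
# ROOT defaults to the class directory named in the thread; pass another
# directory to audit a different subtree.
# Assumes GNU stat (-c '%a') and a ROOT/<device>/<attribute> layout.

audit_world_writable() {
    root=${1:-/sys/class/ieee80211}
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    found=0
    # The glob follows the symlinks that sysfs class directories contain.
    for f in "$root"/*/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f") || continue
        # Last octal digit holds the "other" bits; value 2 is write.
        other=${mode#"${mode%?}"}
        case $other in
            2|3|6|7)
                printf '%s %s\n' "$mode" "$f"
                found=1
                ;;
        esac
    done
    # Exit status 0: nothing world-writable; 1: at least one hit printed.
    [ "$found" -eq 0 ]
}

# Usage: audit_world_writable /sys/class/ieee80211
```

Each output line is the octal mode followed by the path, so the files from the listing above would appear with mode 222.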