Applied, thanks!
Sophiel Zhou, le sam. 06 juin 2026 22:34:20 +0800, a ecrit:
> Non-root users could bypass the EPERM check and still modify
> the interface MTU because the isroot check was not chained into
> the same if-else block as the device and mtu validation.
>
> Add the missing else to ensure the modification is skipped when
> the caller is not root.
> ---
> pfinet/iioctl-ops.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/pfinet/iioctl-ops.c b/pfinet/iioctl-ops.c
> index aae09df1..ccebec87 100644
> --- a/pfinet/iioctl-ops.c
> +++ b/pfinet/iioctl-ops.c
> @@ -596,7 +596,7 @@ S_iioctl_siocsifmtu (struct sock_user *user,
>
> if (!user->isroot)
> err = EPERM;
> - if (!dev)
> + else if (!dev)
> err = ENODEV;
> else if (mtu <= 0)
> err = EINVAL;
> --
> 2.54.0
