Gitweb:
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=62f29babbc60ab572d3cecda981931d3a66123d6
Commit: 62f29babbc60ab572d3cecda981931d3a66123d6
Parent: 1fa4db7d308da04f6644c5cb8eed244c200d4ed5
Author: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
AuthorDate: Wed Dec 5 13:55:36 2007 -0800
Committer: Dave Airlie <[EMAIL PROTECTED]>
CommitDate: Tue Feb 5 14:33:32 2008 +1000
agp: remove uid comparison as security check
In the face of containers and user namespaces, a uid==0 check for
security is not safe. Switch to a capability check.
I'm not sure I picked the right capability, but this being AGP
CAP_SYS_RAWIO seemed to make sense.
Signed-off-by: Serge Hallyn <[EMAIL PROTECTED]>
Signed-off-by: Dave Airlie <[EMAIL PROTECTED]>
---
drivers/char/agp/frontend.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c
index 9bd5a95..55d7a82 100644
--- a/drivers/char/agp/frontend.c
+++ b/drivers/char/agp/frontend.c
@@ -689,7 +689,7 @@ static int agp_open(struct inode *inode, struct file *file)
set_bit(AGP_FF_ALLOW_CLIENT, &priv->access_flags);
priv->my_pid = current->pid;
- if ((current->uid == 0) || (current->suid == 0)) {
+ if (capable(CAP_SYS_RAWIO)) {
/* Root priv, can be controller */
set_bit(AGP_FF_ALLOW_CONTROLLER, &priv->access_flags);
}
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
