summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-03-27 20:28:10 -0700
committerDavid S. Miller <davem@davemloft.net>2008-03-27 20:28:10 -0700
commit3480c63bdf008e9289aab94418f43b9592978fff (patch)
tree14a355d650dc467e105fe00bc62a3599e890bc50 /net
parent349fb2d6492e7d644bc8e670ba11d764a3e2901b (diff)
downloadlinux-3.10-3480c63bdf008e9289aab94418f43b9592978fff.tar.gz
linux-3.10-3480c63bdf008e9289aab94418f43b9592978fff.tar.bz2
linux-3.10-3480c63bdf008e9289aab94418f43b9592978fff.zip
[LLC]: Restrict LLC sockets to root
LLC currently allows users to inject raw frames, including IP packets encapsulated in SNAP. While Linux doesn't handle IP over SNAP, other systems do. Restrict LLC sockets to root similar to packet sockets. [ Modified Patrick's patch to use CAP_NEW_RAW --DaveM ] Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/llc/af_llc.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 46cf962f7f8..8c50eb430c1 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -155,6 +155,9 @@ static int llc_ui_create(struct net *net, struct socket *sock, int protocol)
struct sock *sk;
int rc = -ESOCKTNOSUPPORT;
+ if (!capable(CAP_NET_RAW))
+ return -EPERM;
+
if (net != &init_net)
return -EAFNOSUPPORT;