bbs.cooldavid.org Git - net-next-2.6.git/commit - net/netfilter/ipvs/ip_vs_ctl.c
[IPVS]: Fix for overflows
author pageexec <pageexec@freemail.hu>
Sun, 26 Jun 2005 23:00:19 +0000 (16:00 -0700)
committer David S. Miller <davem@davemloft.net>
Sun, 26 Jun 2005 23:00:19 +0000 (16:00 -0700)
commit 4da62fc70d7cbcf8fa606a8c806d9dc8faa0ceae
tree c15f61c9c0a1b1e88990eab47ebc89a4a83b3a4e
parent d470e3b483dcf79c16463bc740738dca76a035a9

From: <pageexec@freemail.hu>

$subject was fixed in 2.4 already, 2.6 needs it as well.

The impact of the bugs is a kernel stack overflow and privilege escalation
from CAP_NET_ADMIN via the IP_VS_SO_SET_STARTDAEMON/IP_VS_SO_GET_DAEMON
ioctls.  People running with 'root=all caps' (i.e., most users) are not
really affected (there's nothing to escalate), but SELinux and similar
users should take it seriously if they grant CAP_NET_ADMIN to other users.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/ipvs/ip_vs_ctl.c
net/ipv4/ipvs/ip_vs_sync.c