Q: investigate the use of ns_capable_noaudit() in the network bonding driver #30
Description
The bonding driver has a number of CAP_NET_ADMIN checks which may not need to be audited, see the capable(CAP_NET_ADMIN) calls in the following commit:
commit 4cd6b4754492c08f00e6237fd7e5c8b443370d15
Author: Mahesh Bandewar <[email protected]>
Date: Thu Jun 18 11:30:54 2015 -0700
bonding: Display LACP info only to CAP_NET_ADMIN capable user
Actor and Partner details can be accessed via proc-fs, sys-fs
entries or netlink interface. These interfaces are world readable
at this moment. The earlier patch-series made the LACP communication
secure to avoid nuisance attack from within the same L2 domain but
it did not prevent "someone unprivileged" looking at that information
on host and perform the same act.
This patch essentially avoids spitting those entries if the user
in question does not have enough privileges.
Signed-off-by: Mahesh Bandewar <[email protected]>
Signed-off-by: Andy Gospodarek <[email protected]>
Signed-off-by: David S. Miller <[email protected]>