Skip to content

L
linux
Commit 4c6871db authored by Colin Slater's avatar Colin Slater Committed by Linus Torvalds
Browse files
Options

[PATCH] suser() -> capable() checks 

  Trivial patch to change some instances of suser() and fsuser() to
proper capable() checks.
parent 35d0afd5
Hide whitespace changes
Inline Side-by-side
Showing with 40 additions and 48 deletions
arch/ppc64/kernel/ioctl32.c
View file @ 4c6871db
......@@ -1779,9 +1779,9 @@ static int vt_check(struct file *file)
/*
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
* to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
if (current->tty == tty || suser())
if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
......
arch/sparc64/kernel/ioctl32.c
View file @ 4c6871db
......@@ -2059,9 +2059,9 @@ static int vt_check(struct file *file)
/*
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
* to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
if (current->tty == tty || suser())
if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
......
arch/x86_64/ia32/ia32_ioctl.c
View file @ 4c6871db
......@@ -1648,9 +1648,9 @@ static int vt_check(struct file *file)
/*
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
* to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
if (current->tty == tty || suser())
if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
return 1;
return 0;
}
......
arch/x86_64/kernel/mtrr.c
View file @ 4c6871db
......@@ -983,7 +983,7 @@ static ssize_t mtrr_write (struct file *file, const char *buf,
char *ptr;
char line[LINE_SIZE];
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
/* Can't seek (pwrite) on this device */
......@@ -1071,7 +1071,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
return -ENOIOCTLCMD;
case MTRRIOC_ADD_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......@@ -1083,7 +1083,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
break;
case MTRRIOC_SET_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......@@ -1093,7 +1093,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
break;
case MTRRIOC_DEL_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......@@ -1103,7 +1103,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
break;
case MTRRIOC_KILL_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......@@ -1134,7 +1134,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
break;
case MTRRIOC_ADD_PAGE_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......@@ -1146,7 +1146,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
break;
case MTRRIOC_SET_PAGE_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......@@ -1156,7 +1156,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
break;
case MTRRIOC_DEL_PAGE_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......@@ -1166,7 +1166,7 @@ static int mtrr_ioctl (struct inode *inode, struct file *file,
break;
case MTRRIOC_KILL_PAGE_ENTRY:
if (!suser ())
if (!capable (CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user (&sentry, (void *) arg, sizeof sentry))
return -EFAULT;
......
drivers/block/cpqarray.c
View file @ 4c6871db
......@@ -769,7 +769,7 @@ static int ida_open(struct inode *inode, struct file *filep)
if (ctlr > MAX_CTLR || hba[ctlr] == NULL)
return -ENXIO;
if (!suser() && ida_sizes[(ctlr << CTLR_SHIFT) +
if (!capable(CAP_SYS_RAWIO) && ida_sizes[(ctlr << CTLR_SHIFT) +
minor(inode->i_rdev)] == 0)
return -ENXIO;
......@@ -779,7 +779,7 @@ static int ida_open(struct inode *inode, struct file *filep)
* but I'm already using way to many device nodes to claim another one
* for "raw controller".
*/
if (suser()
if (capable(CAP_SYS_ADMIN)
&& ida_sizes[(ctlr << CTLR_SHIFT) + minor(inode->i_rdev)] == 0
&& minor(inode->i_rdev) != 0)
return -ENXIO;
......@@ -1121,7 +1121,7 @@ static int ida_ioctl(struct inode *inode, struct file *filep, unsigned int cmd,
case BLKRRPART:
return revalidate_logvol(inode->i_rdev, 1);
case IDAPASSTHRU:
if (!suser()) return -EPERM;
if (!capable(CAP_SYS_RAWIO)) return -EPERM;
error = copy_from_user(&my_io, io, sizeof(my_io));
if (error) return error;
error = ida_ctlr_ioctl(ctlr, dsk, &my_io);
......
drivers/block/swim3.c
View file @ 4c6871db
......@@ -820,7 +820,7 @@ static int floppy_ioctl(struct inode *inode, struct file *filp,
if (devnum >= floppy_count)
return -ENODEV;
if ((cmd & 0x80) && !suser())
if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
......
drivers/block/swim_iop.c
View file @ 4c6871db
......@@ -348,7 +348,7 @@ static int floppy_ioctl(struct inode *inode, struct file *filp,
if (devnum >= floppy_count)
return -ENODEV;
if ((cmd & 0x80) && !suser())
if ((cmd & 0x80) && !capable(CAP_SYS_ADMIN))
return -EPERM;
fs = &floppy_states[devnum];
......
drivers/char/ip2main.c
View file @ 4c6871db
......@@ -2662,7 +2662,7 @@ set_serial_info( i2ChanStrPtr pCh, struct serial_struct *new_info )
old_flags = pCh->flags;
old_baud_divisor = pCh->BaudDivisor;
if ( !suser() ) {
if ( !capable(CAP_SYS_ADMIN) ) {
if ( ( ns.close_delay != pCh->ClosingDelay ) ||
( (ns.flags & ~ASYNC_USR_MASK) !=
(pCh->flags & ~ASYNC_USR_MASK) ) ) {
......
drivers/char/moxa.c
View file @ 4c6871db
......@@ -2799,7 +2799,7 @@ static int moxa_set_serial_info(struct moxa_str *info,
(new_serial.baud_base != 921600))
return (-EPERM);
if (!suser()) {
if (!capable(CAP_SYS_ADMIN)) {
if (((new_serial.flags & ~ASYNC_USR_MASK) !=
(info->asyncflags & ~ASYNC_USR_MASK)))
return (-EPERM);
......
drivers/char/mxser.c
View file @ 4c6871db
......@@ -2199,7 +2199,7 @@ static int mxser_set_serial_info(struct mxser_struct *info,
flags = info->flags & ASYNC_SPD_MASK;
if (!suser()) {
if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.baud_base != info->baud_base) ||
(new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ~ASYNC_USR_MASK) !=
......
drivers/char/rio/rio_linux.c
View file @ 4c6871db
......@@ -702,7 +702,7 @@ static int rio_fw_ioctl (struct inode *inode, struct file *filp,
func_enter();
/* The "dev" argument isn't used. */
rc = -riocontrol (p, 0, cmd, (void *)arg, suser ());
rc = -riocontrol (p, 0, cmd, (void *)arg, capable(CAP_SYS_ADMIN));
func_exit ();
return rc;
......
drivers/char/rocket.c
View file @ 4c6871db
......@@ -1238,11 +1238,7 @@ static int set_config(struct r_port * info, struct rocket_config * new_info)
if (copy_from_user(&new_serial, new_info, sizeof(new_serial)))
return -EFAULT;
#ifdef CAP_SYS_ADMIN
if (!capable(CAP_SYS_ADMIN))
#else
if (!suser())
#endif
{
if ((new_serial.flags & ~ROCKET_USR_MASK) !=
(info->flags & ~ROCKET_USR_MASK))
......
drivers/char/serial167.c
View file @ 4c6871db
......@@ -1472,7 +1472,7 @@ set_serial_info(struct cyclades_port * info,
return -EFAULT;
old_info = *info;
if (!suser()) {
if (!capable(CAP_SYS_ADMIN)) {
if ((new_serial.close_delay != info->close_delay) ||
((new_serial.flags & ASYNC_FLAGS & ~ASYNC_USR_MASK) !=
(info->flags & ASYNC_FLAGS & ~ASYNC_USR_MASK)))
......
drivers/char/tty_io.c
View file @ 4c6871db
......@@ -1370,7 +1370,7 @@ static int tty_open(struct inode * inode, struct file * filp)
retval = -ENODEV;
filp->f_flags = saved_flags;
if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !suser())
if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
retval = -EBUSY;
if (retval) {
......@@ -1472,7 +1472,7 @@ static int tiocsti(struct tty_struct *tty, char * arg)
{
char ch, mbz = 0;
if ((current->tty != tty) && !suser())
if ((current->tty != tty) && !capable(CAP_SYS_ADMIN))
return -EPERM;
if (get_user(ch, arg))
return -EFAULT;
......@@ -1510,7 +1510,7 @@ static int tioccons(struct inode *inode,
{
if (IS_SYSCONS_DEV(inode->i_rdev) ||
IS_CONSOLE_DEV(inode->i_rdev)) {
if (!suser())
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
redirect = NULL;
return 0;
......@@ -1552,7 +1552,7 @@ static int tiocsctty(struct tty_struct *tty, int arg)
* This tty is already the controlling
* tty for another session group!
*/
if ((arg == 1) && suser()) {
if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
/*
* Steal it away
*/
......
drivers/char/vt.c
View file @ 4c6871db
......@@ -440,10 +440,10 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
/*
* To have permissions to do most of the vt ioctls, we either have
* to be the owner of the tty, or super-user.
* to be the owner of the tty, or have CAP_SYS_TTY_CONFIG.
*/
perm = 0;
if (current->tty == tty || suser())
if (current->tty == tty || capable(CAP_SYS_TTY_CONFIG))
perm = 1;
kbd = kbd_table + console;
......@@ -508,7 +508,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
{
struct kbd_repeat kbrep;
if (!capable(CAP_SYS_ADMIN))
if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
if (copy_from_user(&kbrep, (void *)arg,
......@@ -621,7 +621,7 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
case KDGETKEYCODE:
case KDSETKEYCODE:
if(!capable(CAP_SYS_ADMIN))
if(!capable(CAP_SYS_TTY_CONFIG))
perm=0;
return do_kbkeycode_ioctl(cmd, (struct kbkeycode *)arg, perm);
......@@ -1038,12 +1038,12 @@ int vt_ioctl(struct tty_struct *tty, struct file * file,
return do_unimap_ioctl(cmd, (struct unimapdesc *)arg, perm);
case VT_LOCKSWITCH:
if (!suser())
if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 1;
return 0;
case VT_UNLOCKSWITCH:
if (!suser())
if (!capable(CAP_SYS_TTY_CONFIG))
return -EPERM;
vt_dont_switch = 0;
return 0;
......
drivers/media/video/zr36120.c
View file @ 4c6871db
......@@ -1291,11 +1291,7 @@ int zoran_ioctl(struct video_device* dev, unsigned int cmd, void *arg)
case VIDIOCSFBUF:
{
struct video_buffer v;
#if LINUX_VERSION_CODE >= 0x020100
if(!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_ADMIN))
#else
if(!suser())
#endif
if(!capable(CAP_SYS_ADMIN))
return -EPERM;
if (copy_from_user(&v, arg,sizeof(v)))
return -EFAULT;
......
drivers/pcmcia/ds.c
View file @ 4c6871db
......@@ -830,7 +830,7 @@ static int ds_ioctl(struct inode * inode, struct file * file,
err = unbind_request(i, &buf.bind_info);
break;
case DS_BIND_MTD:
if (!suser()) return -EPERM;
if (!capable(CAP_SYS_ADMIN)) return -EPERM;
err = bind_mtd(i, &buf.mtd_info);
break;
default:
......
drivers/s390/char/tubtty.c
View file @ 4c6871db
......@@ -561,7 +561,7 @@ tty3270_write_proc(struct file *file, const char *buffer,
/*
* Superuser-mode settings affect the driver overall ---
*/
if (!suser()) {
if (!capable(CAP_SYS_TTY_CONFIG)) {
return -EPERM;
} else if (strncmp(mybuf, "index=", 6) == 0) {
tty3270_proc_index = simple_strtoul(mybuf + 6, 0,0);
......
drivers/scsi/cpqfcTSinit.c
View file @ 4c6871db
......@@ -532,7 +532,7 @@ int cpqfcTS_ioctl( Scsi_Device *ScsiDev, int Cmnd, void *arg)
// must be super user to send stuff directly to the
// controller and/or physical drives...
if( !capable(CAP_SYS_ADMIN) )
if( !capable(CAP_SYS_RAWIO) )
return -EPERM;
// copy the caller's struct to our space.
......
fs/ufs/balloc.c
View file @ 4c6871db
......@@ -288,7 +288,7 @@ unsigned ufs_new_fragments (struct inode * inode, u32 * p, unsigned fragment,
/*
* There is not enough space for user on the device
*/
if (!fsuser() && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(usb1, UFS_MINFREE) <= 0) {
unlock_super (sb);
UFSD(("EXIT (FAILED)\n"))
return 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7