• pageexec's avatar
    [IPVS]: Fix for overflows · 4da62fc7
    pageexec authored
    From: <pageexec@freemail.hu>
    
    $subject was fixed in 2.4 already, 2.6 needs it as well.
    
    The impact of the bugs is a kernel stack overflow and privilege escalation
    from CAP_NET_ADMIN via the IP_VS_SO_SET_STARTDAEMON/IP_VS_SO_GET_DAEMON
    ioctls.  People running with 'root=all caps' (i.e., most users) are not
    really affected (there's nothing to escalate), but SELinux and similar
    users should take it seriously if they grant CAP_NET_ADMIN to other users.
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    4da62fc7
ip_vs_ctl.c 54.7 KB