
Commit c568398

ottherbertx
authored andcommitted
crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN
CRYPTO_USER requires CAP_NET_ADMIN for all operations. Most information provided by CRYPTO_MSG_GETALG is also accessible through /proc/modules and AF_ALG. CRYPTO_MSG_GETALG should not require CAP_NET_ADMIN so that processes without CAP_NET_ADMIN can use CRYPTO_MSG_GETALG to get cipher details, such as cipher priorities, for AF_ALG. Signed-off-by: Matthias-Christian Ott <ott@mirix.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 parent da37503 commit c568398

1 file changed

Lines changed: 9 additions & 3 deletions


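--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -265,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
 LIST_HEAD(list);
 
+if (!capable(CAP_NET_ADMIN))
+return -EPERM;
+
 if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
 return -EINVAL;
 
@@ -295,6 +298,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct crypto_alg *alg;
 struct crypto_user_alg *p = nlmsg_data(nlh);
 
+if (!capable(CAP_NET_ADMIN))
+return -EPERM;
+
 if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
 return -EINVAL;
 
@@ -379,6 +385,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct crypto_user_alg *p = nlmsg_data(nlh);
 struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
 
+if (!capable(CAP_NET_ADMIN))
+return -EPERM;
+
 if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
 return -EINVAL;
 
@@ -466,9 +475,6 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 type -= CRYPTO_MSG_BASE;
 link = &crypto_dispatch[type];
 
-if (!capable(CAP_NET_ADMIN))
-return -EPERM;
-
 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
 (nlh->nlmsg_flags & NLM_F_DUMP))) {
 struct crypto_alg *alg;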
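Review bot: Dropping the `capable(CAP_NET_ADMIN)` gate from `crypto_user_rcv_msg` (last hunk) turns the dispatcher from default-deny into default-allow, so any message type whose handler lacks its own check becomes reachable by unprivileged callers. The three mutating handlers shown here get the check, but the rest of `crypto_dispatch` is not visible, and a handler added later would be open unless its author remembers the check. Keeping the gate central and exempting only the read path would fail closed, for example `if (type != (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) && !capable(CAP_NET_ADMIN)) return -EPERM;` placed where the removed lines were. Since GETALG replies and dumps now go to unprivileged processes, the report-building code (outside these hunks) should also be confirmed to zero its structures and bound its string copies before they reach userspace. `crypto_user_rcv_msg` starts and ends outside the hunk.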
