net: Fix ns_capable check in sock_diag_put_filterinfo [ Upstream commit 78541c1dc60b65ecfce5a6a096fc260219d6784e ] The caller needs capabilities on the namespace being queried, not on their own namespace. This is a security bug, although it likely has only a minor impact. Cc: stable@vger.kernel.org Signed-off-by: Andy Lutomirski <luto@amacapital.net> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: eac664d2832178c1d3a5e7560a26c10001717b77 [log] [tgz]
author: Andrew Lutomirski <luto@amacapital.net> Wed Apr 16 21:41:34 2014 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Fri May 30 21:52:15 2014 -0700
tree: 55cd18545fc8724151d52779cec90822fcbe63b4
parent: e5eae4a0511241959498b180fa0df0d4f1b11b9c [diff] [blame]
diff --git a/net/packet/diag.c b/net/packet/diag.c
index a9584a2..ec8b6e8 100644
--- a/net/packet/diag.c
+++ b/net/packet/diag.c

@@ -171,7 +171,7 @@
 		goto out_nlmsg_trim;
 
 	if ((req->pdiag_show & PACKET_SHOW_FILTER) &&
-	    sock_diag_put_filterinfo(user_ns, sk, skb, PACKET_DIAG_FILTER))
+	    sock_diag_put_filterinfo(sk, skb, PACKET_DIAG_FILTER))
 		goto out_nlmsg_trim;
 
 	return nlmsg_end(skb, nlh);
commit	eac664d2832178c1d3a5e7560a26c10001717b77	[log] [tgz]
author	Andrew Lutomirski <luto@amacapital.net>	Wed Apr 16 21:41:34 2014 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Fri May 30 21:52:15 2014 -0700
tree	55cd18545fc8724151d52779cec90822fcbe63b4
parent	e5eae4a0511241959498b180fa0df0d4f1b11b9c [diff] [blame]