hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
sst-linux/net/ipv4/netfilter
History
Björn Steinbrink 82fac0542e [NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer 
The 32bit compatibility layer has no CAP_NET_ADMIN check in
compat_do_ipt_get_ctl, which for example allows to list the current
iptables rules even without having that capability (the non-compat
version requires it). Other capabilities might be required to exploit
the bug (eg. CAP_NET_RAW to get the nfnetlink socket?), so a plain user
can't exploit it, but a setup actually using the posix capability system
might very well hit such a constellation of granted capabilities.

Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-20 00:21:10 -07:00
..
arp_tables.c
[NETFILTER]: arp_tables: missing unregistration on module unload
2006-10-15 23:14:07 -07:00
arpt_mangle.c
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
2006-09-22 14:55:34 -07:00
arptable_filter.c
[NETFILTER]: x_tables: remove unused argument to target functions
2006-09-22 14:55:33 -07:00
ip_conntrack_amanda.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_core.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_ftp.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_helper_h323_asn1.c
[NETFILTER]: H.323 helper: fix sequence extension parsing
2006-05-23 15:15:10 -07:00
ip_conntrack_helper_h323_types.c
[NETFILTER]: H.323 helper: Add support for Call Forwarding
2006-06-17 21:29:11 -07:00
ip_conntrack_helper_h323.c
[NETFILTER]: h323 annotations
2006-09-28 18:03:03 -07:00
ip_conntrack_helper_pptp.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_irc.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_netbios_ns.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_netlink.c
[NETFILTER]: ctnetlink: Remove debugging messages
2006-10-15 23:14:11 -07:00
ip_conntrack_proto_generic.c
[NETFILTER]: Change tunables to __read_mostly
2006-09-22 15:18:54 -07:00
ip_conntrack_proto_gre.c
[NETFILTER]: PPTP conntrack: fix whitespace errors
2006-09-22 15:20:07 -07:00
ip_conntrack_proto_icmp.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_proto_sctp.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_proto_tcp.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_proto_udp.c
[NETFILTER]: Change tunables to __read_mostly
2006-09-22 15:18:54 -07:00
ip_conntrack_sip.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_conntrack_standalone.c
[NETFILTER]: kill listhelp.h
2006-09-22 15:19:45 -07:00
ip_conntrack_tftp.c
[NETFILTER]: conntrack annotations
2006-09-28 18:03:00 -07:00
ip_nat_amanda.c
[NETFILTER]: Rename init functions.
2006-03-28 17:02:48 -08:00
ip_nat_core.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_ftp.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_helper_h323.c
[NETFILTER]: h323 annotations
2006-09-28 18:03:03 -07:00
ip_nat_helper_pptp.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_helper.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_irc.c
[NETFILTER]: Rename init functions.
2006-03-28 17:02:48 -08:00
ip_nat_proto_gre.c
[NETFILTER]: PPTP conntrack: get rid of unnecessary byte order conversions
2006-09-22 15:20:08 -07:00
ip_nat_proto_icmp.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_proto_tcp.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_proto_udp.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_proto_unknown.c
[NETFILTER]: Remove unused function from NAT protocol helpers
2006-01-10 12:54:34 -08:00
ip_nat_rule.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_sip.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_snmp_basic.c
[NETFILTER]: NAT annotations
2006-09-28 18:03:01 -07:00
ip_nat_standalone.c
[NETFILTER]: add type parameter to ip_route_me_harder
2006-10-04 00:30:54 -07:00
ip_nat_tftp.c
[NETFILTER]: Rename init functions.
2006-03-28 17:02:48 -08:00
ip_queue.c
[NETFILTER]: make some netfilter globals __read_mostly
2006-09-22 15:19:58 -07:00
ip_tables.c
[NETFILTER]: Missing check for CAP_NET_ADMIN in iptables compat layer
2006-10-20 00:21:10 -07:00
ipt_addrtype.c
[IPV4]: inet_addr_type() annotations
2006-09-28 18:01:07 -07:00
ipt_ah.c
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
2006-09-22 14:55:34 -07:00
ipt_CLUSTERIP.c
[NETFILTER]: ipt annotations
2006-09-28 18:03:02 -07:00
ipt_ecn.c
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
2006-09-22 14:55:34 -07:00
ipt_ECN.c
[NETFILTER]: ipt_ECN/ipt_TOS: fix incorrect checksum update
2006-10-15 23:14:08 -07:00
ipt_hashlimit.c
[NETFILTER]: ipt annotations
2006-09-28 18:03:02 -07:00
ipt_iprange.c
[NETFILTER]: Rename init functions.
2006-03-28 17:02:48 -08:00
ipt_LOG.c
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
2006-09-22 14:55:34 -07:00
ipt_MASQUERADE.c
[IPV4]: inet_select_addr() annotations
2006-09-28 17:54:08 -07:00
ipt_NETMAP.c
[NETFILTER]: ipt annotations
2006-09-28 18:03:02 -07:00
ipt_owner.c
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
2006-09-22 14:55:34 -07:00
ipt_recent.c
[NETFILTER]: ipt annotations
2006-09-28 18:03:02 -07:00
ipt_REDIRECT.c
[IPV4]: annotate struct in_ifaddr
2006-09-28 18:00:55 -07:00
ipt_REJECT.c
[NETFILTER]: ipt_REJECT: remove largely duplicate route_reverse function
2006-10-04 00:30:56 -07:00
ipt_SAME.c
[NETFILTER]: ipt annotations
2006-09-28 18:03:02 -07:00
ipt_TCPMSS.c
[NETFILTER]: ipt annotations
2006-09-28 18:03:02 -07:00
ipt_tos.c
[NETFILTER]: Rename init functions.
2006-03-28 17:02:48 -08:00
ipt_TOS.c
[NETFILTER]: ipt_ECN/ipt_TOS: fix incorrect checksum update
2006-10-15 23:14:08 -07:00
ipt_ttl.c
[NETFILTER]: Rename init functions.
2006-03-28 17:02:48 -08:00
ipt_TTL.c
[NETFILTER]: ipt annotations
2006-09-28 18:03:02 -07:00
ipt_ULOG.c
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
2006-09-22 14:55:34 -07:00
iptable_filter.c
[NETFILTER]: x_tables: remove unused argument to target functions
2006-09-22 14:55:33 -07:00
iptable_mangle.c
[NETFILTER]: add type parameter to ip_route_me_harder
2006-10-04 00:30:54 -07:00
iptable_raw.c
[NETFILTER]: x_tables: remove unused argument to target functions
2006-09-22 14:55:33 -07:00
Kconfig
more misc typo fixes
2006-10-03 22:34:14 +02:00
Makefile
[NETFILTER]: x_tables: replace IPv4 DSCP target by address family independent version
2006-09-22 14:55:22 -07:00
nf_conntrack_l3proto_ipv4.c
Remove obsolete #include <linux/config.h>
2006-06-30 19:25:36 +02:00
nf_conntrack_proto_icmp.c
[NETFILTER]: Change tunables to __read_mostly
2006-09-22 15:18:54 -07:00