[PATCH 2.4.29] nbd: fix ioctl permissions

[PATCH 2.4.29] nbd: fix ioctl permissions

[Paul Clements]

[-- Attachment #1: Type: text/plain, Size: 231 bytes --]

Hi Marcelo,

Here's a patch for nbd that Rogier recently sent me. It allows non-root 
to do BLKGETSIZE, et al. on nbd devices, which he needs for his data 
recovery applications.

Tested against 2.4.29. Please apply.

Thanks,
Paul

[-- Attachment #2: nbd_fix_ioctl_perms.diff --]
[-- Type: text/plain, Size: 1489 bytes --]

From: Rogier Wolff <R.E.Wolff@BitWizard.nl>
Signed-Off-By: Paul Clements <Paul.Clements@SteelEye.com>

Description: We shouldn't need CAP_SYS_ADMIN to ask for disk capacity and such.

===

diff -ur linux-2.4.28.clean/drivers/block/nbd.c linux-2.4.28.nbd-fix/drivers/block/nbd.c
--- linux-2.4.28.clean/drivers/block/nbd.c	Wed Jan 19 18:14:01 2005
+++ linux-2.4.28.nbd-fix/drivers/block/nbd.c	Wed Jan 19 16:36:59 2005
@@ -408,10 +408,7 @@
 	int dev, error, temp;
 	struct request sreq ;
 
-	/* Anyone capable of this syscall can do *real bad* things */
 
-	if (!capable(CAP_SYS_ADMIN))
-		return -EPERM;
 	if (!inode)
 		return -EINVAL;
 	dev = MINOR(inode->i_rdev);
@@ -419,6 +416,20 @@
 		return -ENODEV;
 
 	lo = &nbd_dev[dev];
+
+	/* these are innocent, but.... */
+	switch (cmd) {
+	case BLKGETSIZE:
+		return put_user(nbd_bytesizes[dev] >> 9, (unsigned long *) arg);
+	case BLKGETSIZE64:
+		return put_user((u64)nbd_bytesizes[dev], (u64 *) arg);
+	}
+
+	/* ... anyone capable of any of the below ioctls can do *real bad* 
+	   things */
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	switch (cmd) {
 	case NBD_DISCONNECT:
 	        printk("NBD_DISCONNECT\n");
@@ -524,10 +535,6 @@
 		       dev, lo->queue_head.next, lo->queue_head.prev, requests_in, requests_out);
 		return 0;
 #endif
-	case BLKGETSIZE:
-		return put_user(nbd_bytesizes[dev] >> 9, (unsigned long *) arg);
-	case BLKGETSIZE64:
-		return put_user((u64)nbd_bytesizes[dev], (u64 *) arg);
 	}
 	return -EINVAL;
 }