* Permissions down /sys
@ 2007-07-09 20:17 Andy Green
2007-07-09 20:57 ` Michael Buesch
0 siblings, 1 reply; 4+ messages in thread
From: Andy Green @ 2007-07-09 20:17 UTC (permalink / raw)
To: linux-wireless
Hi folks -
Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
remove_iface really okay, or should it perhaps be 220?
--w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
--w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
-Andy
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Permissions down /sys
2007-07-09 20:17 Permissions down /sys Andy Green
@ 2007-07-09 20:57 ` Michael Buesch
2007-07-09 21:03 ` Andy Green
2007-07-10 12:57 ` Johannes Berg
0 siblings, 2 replies; 4+ messages in thread
From: Michael Buesch @ 2007-07-09 20:57 UTC (permalink / raw)
To: Andy Green; +Cc: linux-wireless, Johannes Berg
On Monday 09 July 2007 22:17:35 Andy Green wrote:
> Hi folks -
>
> Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
> remove_iface really okay, or should it perhaps be 220?
>
> --w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
> --w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
IMO the file-permissions are correct, _but_ the following should
be added to _store_remove_iface() and _store_add_iface():
if (!capable(CAP_NET_ADMIN))
return -EPERM;
--
Greetings Michael.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Permissions down /sys
2007-07-09 20:57 ` Michael Buesch
@ 2007-07-09 21:03 ` Andy Green
2007-07-10 12:57 ` Johannes Berg
1 sibling, 0 replies; 4+ messages in thread
From: Andy Green @ 2007-07-09 21:03 UTC (permalink / raw)
To: Michael Buesch; +Cc: linux-wireless, Johannes Berg
Michael Buesch wrote:
> On Monday 09 July 2007 22:17:35 Andy Green wrote:
>> Hi folks -
>>
>> Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
>> remove_iface really okay, or should it perhaps be 220?
>>
>> --w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
>> --w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
>
> IMO the file-permissions are correct, _but_ the following should
> be added to _store_remove_iface() and _store_add_iface():
>
> if (!capable(CAP_NET_ADMIN))
> return -EPERM;
>
Fair enough... one or the other needs doing though because right now you
can delete wlan0 as a mortal user (just tried it... you can't nuke
wmaster0 though) and I guess exhaust the possible max interfaces too. I
made a patch changing the perms to S_IWUSR|S_IWGRP, but your method is
smarter.
-Andy
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Permissions down /sys
2007-07-09 20:57 ` Michael Buesch
2007-07-09 21:03 ` Andy Green
@ 2007-07-10 12:57 ` Johannes Berg
1 sibling, 0 replies; 4+ messages in thread
From: Johannes Berg @ 2007-07-10 12:57 UTC (permalink / raw)
To: Michael Buesch; +Cc: Andy Green, linux-wireless
[-- Attachment #1: Type: text/plain, Size: 639 bytes --]
On Mon, 2007-07-09 at 22:57 +0200, Michael Buesch wrote:
> On Monday 09 July 2007 22:17:35 Andy Green wrote:
> > Hi folks -
> >
> > Is 222 permissions on /sys/class/ieee80211/phy*/add_iface and
> > remove_iface really okay, or should it perhaps be 220?
> >
> > --w--w--w- 1 root root 0 2007-07-09 21:11 add_iface
> > --w--w--w- 1 root root 4096 2007-07-09 21:12 remove_iface
>
> IMO the file-permissions are correct, _but_ the following should
> be added to _store_remove_iface() and _store_add_iface():
>
> if (!capable(CAP_NET_ADMIN))
> return -EPERM;
Uh huh, yes, of course. Do you have a patch?
johannes
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 190 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-07-10 12:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-07-09 20:17 Permissions down /sys Andy Green
2007-07-09 20:57 ` Michael Buesch
2007-07-09 21:03 ` Andy Green
2007-07-10 12:57 ` Johannes Berg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).