[PATCH] wireless-dev: relax sysfs permissions

[PATCH] wireless-dev: relax sysfs permissions

[Johannes Berg]

The sysfs attributes add_iface and remove_iface both check for
CAP_NET_ADMIN whenever something is written. Hence, permissions for the
files should be relaxed so that someone who is not root but happens to
have CAP_NET_ADMIN can do things.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>

--- wireless-dev.orig/net/d80211/ieee80211_sysfs.c	2006-08-16 15:45:41.000000000 +0200
+++ wireless-dev/net/d80211/ieee80211_sysfs.c	2006-08-16 15:46:05.000000000 +0200
@@ -195,8 +195,8 @@
 __IEEE80211_LOCAL_SHOW(rate_ctrl_alg);
 
 static struct class_device_attribute ieee80211_class_dev_attrs[] = {
-	__ATTR(add_iface, S_IWUSR, NULL, store_add_iface),
-	__ATTR(remove_iface, S_IWUSR, NULL, store_remove_iface),
+	__ATTR(add_iface, S_IWUGO, NULL, store_add_iface),
+	__ATTR(remove_iface, S_IWUGO, NULL, store_remove_iface),
 	__ATTR(channel, S_IRUGO, ieee80211_local_show_channel, NULL),
 	__ATTR(frequency, S_IRUGO, ieee80211_local_show_frequency, NULL),
 	__ATTR(radar_detect, S_IRUGO, ieee80211_local_show_radar_detect, NULL),

Re: [PATCH] wireless-dev: relax sysfs permissions

[Jiri Benc]

On Wed, 16 Aug 2006 15:49:45 +0200, Johannes Berg wrote:
> The sysfs attributes add_iface and remove_iface both check for
> CAP_NET_ADMIN whenever something is written. Hence, permissions for the
> files should be relaxed so that someone who is not root but happens to
> have CAP_NET_ADMIN can do things.

I'm not sure about this. Greg, what's the policy here?

Note that there is also another way for adding and removing interfaces -
via nl80211 netlink interface (not finished yet but will go in shortly).

> 
> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
> 
> --- wireless-dev.orig/net/d80211/ieee80211_sysfs.c	2006-08-16 15:45:41.000000000 +0200
> +++ wireless-dev/net/d80211/ieee80211_sysfs.c	2006-08-16 15:46:05.000000000 +0200
> @@ -195,8 +195,8 @@
>  __IEEE80211_LOCAL_SHOW(rate_ctrl_alg);
>  
>  static struct class_device_attribute ieee80211_class_dev_attrs[] = {
> -	__ATTR(add_iface, S_IWUSR, NULL, store_add_iface),
> -	__ATTR(remove_iface, S_IWUSR, NULL, store_remove_iface),
> +	__ATTR(add_iface, S_IWUGO, NULL, store_add_iface),
> +	__ATTR(remove_iface, S_IWUGO, NULL, store_remove_iface),
>  	__ATTR(channel, S_IRUGO, ieee80211_local_show_channel, NULL),
>  	__ATTR(frequency, S_IRUGO, ieee80211_local_show_frequency, NULL),
>  	__ATTR(radar_detect, S_IRUGO, ieee80211_local_show_radar_detect, NULL),
> 
> 

Thanks,

 Jiri

-- 
Jiri Benc
SUSE Labs

Re: [PATCH] wireless-dev: relax sysfs permissions

[Greg KH]

On Tue, Aug 22, 2006 at 04:47:40PM +0200, Jiri Benc wrote:
> On Wed, 16 Aug 2006 15:49:45 +0200, Johannes Berg wrote:
> > The sysfs attributes add_iface and remove_iface both check for
> > CAP_NET_ADMIN whenever something is written. Hence, permissions for the
> > files should be relaxed so that someone who is not root but happens to
> > have CAP_NET_ADMIN can do things.
> 
> I'm not sure about this. Greg, what's the policy here?

I don't know, it's not a normal sysfs thing to rely on capability
checks, almost everything that I know of uses the permission bits on the
files.  But I don't have a problem with making the permissions on the
file open, yet restricting things to CAP_NET_ADMIN, if that preserves
the proper functionality.

thanks,

greg k-h