Check if user has CAP_NET_ADMIN capability to change congestion control algorithm.
Under normal circumstances an application programmer doesn't have enough information to choose the "right" algorithm (except he is the pchar/pathchar maintainer). At 99.9% only the local host administrator has the knowledge to select a proper standard, system-wide algorithm (the remaining 0.1% are for testing purposes). If we let the user select an alternative algorithm we introduce one potential weak spot - so we ban this eventuality.

HGN

Signed-off-by: Hagen Paul Pfeifer <[EMAIL PROTECTED]>

diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c index af0aca1..c1ae2e9 100644 --- a/net/ipv4/tcp_cong.c +++ b/net/ipv4/tcp_cong.c @@ -10,6 +10,7 @@ #include <linux/module.h> #include <linux/mm.h> #include <linux/types.h> #include <linux/list.h> +#include <linux/capability.h> #include <net/tcp.h> static DEFINE_SPINLOCK(tcp_cong_list_lock); @@ -151,6 +152,9 @@ int tcp_set_congestion_control(struct so struct tcp_congestion_ops *ca; int err = 0; + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + rcu_read_lock(); ca = tcp_ca_find(name); if (ca == icsk->icsk_ca_ops)
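Review bot: the capable(CAP_NET_ADMIN) test in the second hunk runs at the very top of tcp_set_congestion_control(), ahead of tcp_ca_find(name) and the ca == icsk->icsk_ca_ops comparison, so a caller without the capability gets -EPERM even when it names the algorithm the socket already uses. If that no-op case should keep succeeding, move the check below the comparison; if the blanket refusal is intended, say so in the changelog, since the message only speaks of selecting an "alternative" algorithm. A one-line comment above the check giving the reason (per-socket selection is reserved for the administrator) would also help, because the function itself gives no hint why a per-socket setter needs a network-admin capability, and the changelog should mention that unprivileged callers of this function now see -EPERM where they previously did not.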