Hi, It seems to me that supplementary groups should be taken into account when checking for permissions on a tun device. Can someone comment on my patch below; is it a reasonable approach? If so, I'd like to submit it for inclusion in the kernel under the GPL.
Please forward any responses to me directly in addition to the lkml. Mike --- tun.c 2007-11-16 10:14:27.000000000 -0800 +++ tun.c.new 2007-11-21 16:12:15.000000000 -0800 @@ -471,7 +471,8 @@ if (((tun->owner != -1 && current->euid != tun->owner) || (tun->group != -1 && - current->egid != tun->group)) && + (current->egid != tun->group && + !groups_search(current->group_info, tun->group)))) && !capable(CAP_NET_ADMIN)) return -EPERM; } - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/