From: Eric Paris [EMAIL PROTECTED]
Date: Fri, 02 Mar 2007 13:29:50 -0500
The security hooks to check permissions to remove an xfrm_policy were
actually done after the policy was removed. Since the unlinking and
deletion are done in xfrm_policy_by* functions this moves the hooks
inside those
@@ -2552,7 +2550,7 @@ static int pfkey_spdget(struct sock
*sk, struct sk_buff *skb, struct sadb_msg *h
return -EINVAL;
xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir,
pol-sadb_x_policy_id,
- hdr-sadb_msg_type == SADB_X_SPDDELETE2);
+
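Review bot: at the xfrm_policy_byid() call in pfkey_spdget, the removed argument is the delete flag (the SADB_X_SPDDELETE2 comparison) and the replacement line is cut off, so it is not visible how a denial from the hook, which the description says now runs inside the xfrm_policy_by* functions, gets back to this caller. Because this one call site handles both lookup and delete, a denied delete should surface the hook's error rather than look like a missing policy. An explicit error check immediately after the call, before xp is used, would make that visible in the hunk.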
Also, [Joy cc'd] deletions here needn't be audited?
OK, I see the next patch addressed this :)
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: Venkat Yekkirala [EMAIL PROTECTED]
On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: Venkat Yekkirala [EMAIL PROTECTED]
What about your previous comment:
I guess you meant to do this here?
else if (err)
return err;
--
James Morris
[EMAIL
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: Venkat Yekkirala [EMAIL PROTECTED]
What about your previous comment:
I guess you meant to do this here?
else if (err)
return err;
I saw that this was taken care of in patch-2 for the delete case, but
On Mon, 2007-03-05 at 11:39 -0500, James Morris wrote:
On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: Venkat Yekkirala [EMAIL PROTECTED]
What about your previous comment:
I guess you meant to do this here?
else if
On Fri, 2 Mar 2007, Eric Paris wrote:
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
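The ordering problem described in the commit message at the top of this thread, as an added example that is not code from the patch or the kernel: a toy policy list where the permission hook runs either after the unlink or inside the lookup before it. `struct policy`, `may_delete` and `policy_byid` are hypothetical stand-ins, not the xfrm or LSM API.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins (assumptions), not the kernel's xfrm structures. */
struct policy { int id; int label; struct policy *next; };
static struct policy *policy_list;

/* Hypothetical permission hook: 0 = allowed, -EPERM = denied. */
static int may_delete(const struct policy *p, int caller_label)
{
    return p->label <= caller_label ? 0 : -EPERM;
}

/* Lookup by id, optionally deleting. check_first selects the hook ordering. */
static struct policy *policy_byid(int id, int del, int caller,
                                  int check_first, int *err)
{
    struct policy **pp, *p;

    *err = 0;
    for (pp = &policy_list; (p = *pp) != NULL; pp = &p->next) {
        if (p->id != id)
            continue;
        if (del && check_first) {
            *err = may_delete(p, caller);  /* hook runs before the unlink */
            if (*err)
                return p;                  /* denied: list left untouched */
        }
        if (del)
            *pp = p->next;                 /* unlink from the list */
        if (del && !check_first)
            *err = may_delete(p, caller);  /* hook after unlink: too late */
        return p;
    }
    return NULL;
}

/* Constructed scenario: caller with label 0 tries to delete policy 2 (label 5).
 * Returns 1 if policy 2 is still on the list afterwards. */
static int survives_denied_delete(int check_first, int *err)
{
    static struct policy pols[2];
    pols[0] = (struct policy){ 1, 0, &pols[1] };
    pols[1] = (struct policy){ 2, 5, NULL };
    policy_list = &pols[0];
    policy_byid(2, 1, 0, check_first, err);
    for (struct policy *p = policy_list; p; p = p->next)
        if (p->id == 2)
            return 1;
    return 0;
}

int main(void)
{
    int err;
    printf("check after unlink: survives=%d\n", survives_denied_delete(0, &err));
    printf("check before unlink: survives=%d\n", survives_denied_delete(1, &err));
    return 0;
}
```

In both orderings the caller receives -EPERM; only with the hook placed before the unlink does the denial actually leave the policy in place.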