Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / ed77de9fc69076e6e7c85edf7c1b70650f53121a
commited77de9fc69076e6e7c85edf7c1b70650f53121a[log] [tgz]
authorHarald Welte <laforge@netfilter.org>Wed Nov 09 13:02:16 2005 -0800
committerDavid S. Miller <davem@davemloft.net>Wed Nov 09 13:02:16 2005 -0800
treeeb75bc1a632003f97d50920023e7802f5e2ae169
parent5978a9b82c55b82a1087bd86e0ae8b00f94d0d0b [diff]
[NETFILTER] nfnetlink: only load subsystems if CAP_NET_ADMIN is set

Without this patch, any user can cause nfnetlink subsystems to be
autoloaded.  Those subsystems however could add significant processing
overhead to packet processing, and would refuse any configuration messages
from non-CAP_NET_ADMIN processes anyway.

This patch follows a suggestion from Patrick McHardy.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: eb75bc1a632003f97d50920023e7802f5e2ae169
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. COPYING
  20. CREDITS
  21. Kbuild
  22. MAINTAINERS
  23. Makefile
  24. README
  25. REPORTING-BUGS