On Fri, Apr 14, 2006 at 10:59:13AM -0700, Randy.Dunlap wrote:
> On Fri, 14 Apr 2006 10:47:26 -0700 Jean Tourrilhes wrote:
>
> > Hi John,
> >
> > I've just realised that the RtNetlink code does not check the
> > permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
> > any us
On Fri, Apr 14, 2006 at 10:59:13AM -0700, Randy.Dunlap wrote:
> On Fri, 14 Apr 2006 10:47:26 -0700 Jean Tourrilhes wrote:
>
> > Hi John,
> >
> > I've just realised that the RtNetlink code does not check the
> > permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
> > any us
On Fri, 14 Apr 2006 10:47:26 -0700 Jean Tourrilhes wrote:
> Hi John,
>
> I've just realised that the RtNetlink code does not check the
> permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
> any user can read the encryption keys. The fix is trivial and should
> go in 2
Hi John,
I've just realised that the RtNetlink code does not check the
permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
any user can read the encryption keys. The fix is trivial and should
go in 2.6.17 alonside the two other patch I sent you last week.
Fu
