linux/net
Paul Moore f8687afefc [NetLabel]: protect the CIPSOv4 socket option from setsockopt()
This patch makes two changes to protect applications from either removing or
tampering with the CIPSOv4 IP option on a socket.  The first is the requirement
that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option
on a socket; this prevents untrusted applications from setting their own
CIPSOv4 security attributes on the packets they send.  The second change is to
SELinux and it prevents applications from setting any IPv4 options when there
is an IPOPT_CIPSO option already present on the socket; this prevents
applications from removing CIPSOv4 security attributes from the packets they
send.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-30 15:24:49 -08:00
..
802 [TR]: endiannness annotations 2006-09-28 17:53:59 -07:00
8021q [PATCH] Finish annotations of struct vlan_ethhdr 2006-10-10 16:15:34 -07:00
appletalk [APPLETALK]: Fix potential OOPS in atalk_sendmsg(). 2006-10-30 15:24:34 -08:00
atm [ATM]: handle sysfs errors 2006-10-21 19:55:22 -07:00
ax25 [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
bluetooth [Bluetooth] Fix HID disconnect NULL pointer dereference 2006-10-20 01:15:05 -07:00
bridge [BRIDGE]: correct print message typo 2006-10-25 23:07:37 -07:00
core [NET]: Fix segmentation of linear packets 2006-10-30 15:24:36 -08:00
dccp [DCCP]: fix printk format warnings 2006-10-30 15:24:37 -08:00
decnet [DECNET]: Fix input routing bug 2006-10-18 20:45:22 -07:00
econet [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
ethernet [NET]: Annotate dst_ops protocol 2006-09-28 18:02:58 -07:00
ieee80211 [CRYPTO] users: Select ECB/CBC where needed 2006-10-25 16:51:05 +10:00
ipv4 [NetLabel]: protect the CIPSOv4 socket option from setsockopt() 2006-10-30 15:24:49 -08:00
ipv6 [NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tables 2006-10-30 15:24:44 -08:00
ipx [IPX]: Fix typo, ipxhdr() --> ipx_hdr() 2006-08-09 17:36:15 -07:00
irda [PATCH] strndup() would better take size_t, not int 2006-10-10 15:37:24 -07:00
key IPsec: correct semantics for SELinux policy matching 2006-10-11 23:59:37 -07:00
lapb [LAPB]: Fix windowsize check 2006-08-05 21:15:58 -07:00
llc [LLC]: multicast receive device match 2006-08-13 18:56:26 -07:00
netfilter [NETFILTER]: nf_conntrack: add missing unlock in get_next_corpse() 2006-10-30 15:24:46 -08:00
netlabel NetLabel: fix a cache race condition 2006-10-11 23:59:29 -07:00
netlink [NET]: fix uaccess handling 2006-10-30 15:24:41 -08:00
netrom [NETROM] lockdep: fix false positive 2006-07-12 13:59:02 -07:00
packet [NET]: Fix sk->sk_filter field access 2006-09-22 15:18:47 -07:00
rose [ROSE] lockdep: fix false positive 2006-07-12 13:58:59 -07:00
rxrpc [PATCH] kmemdup: some users 2006-10-01 00:39:19 -07:00
sched [PKT_SCHED] netem: Orphan SKB when adding to queue. 2006-10-22 21:00:33 -07:00
sctp [SCTP]: Always linearise packet on input 2006-10-30 15:24:39 -08:00
sunrpc [PATCH] fix "sunrpc: fix refcounting problems in rpc servers" 2006-10-30 12:12:21 -08:00
tipc [TIPC]: Updated TIPC version number to 1.6.2 2006-10-18 19:55:24 -07:00
unix [AF_UNIX]: Change max_dgram_qlen sysctl to __read_mostly 2006-09-22 15:18:42 -07:00
wanrouter [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
x25 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
xfrm [XFRM] xfrm_user: Fix unaligned accesses. 2006-10-30 15:24:35 -08:00
compat.c [NET]: File descriptor loss while receiving SCM_RIGHTS 2006-10-11 23:59:48 -07:00
Kconfig [NET] Kconfig: fix cut/paste error in TCPPROBE 2006-09-28 17:53:57 -07:00
Makefile [NetLabel]: core NetLabel subsystem 2006-09-22 14:53:34 -07:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00