agp: remove uid comparison as security check
authorserue@us.ibm.com <serue@us.ibm.com>
Wed, 5 Dec 2007 21:55:36 +0000 (13:55 -0800)
committerDave Airlie <airlied@redhat.com>
Tue, 5 Feb 2008 04:33:32 +0000 (14:33 +1000)
In the face of containers and user namespaces, a uid==0 check for
security is not safe.  Switch to a capability check.

I'm not sure I picked the right capability, but this being AGP
CAP_SYS_RAWIO seemed to make sense.

Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
drivers/char/agp/frontend.c

index 9bd5a95..55d7a82 100644 (file)
@@ -689,7 +689,7 @@ static int agp_open(struct inode *inode, struct file *file)
        set_bit(AGP_FF_ALLOW_CLIENT, &priv->access_flags);
        priv->my_pid = current->pid;
 
-       if ((current->uid == 0) || (current->suid == 0)) {
+       if (capable(CAP_SYS_RAWIO)) {
                /* Root priv, can be controller */
                set_bit(AGP_FF_ALLOW_CONTROLLER, &priv->access_flags);
        }