[13120] in bugtraq
Re: BUG? Non-root user can configure traffic shaper (2.2.13) (fwd)
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Dec 28 16:47:37 1999
Content-Type: text
Message-Id: <E122khv-0008Sd-00@the-village.bc.nu>
Date: Tue, 28 Dec 1999 00:41:45 +0000
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: yuri@CS.LIGA.KIEV.UA
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.9912272114040.1607-100000@cs.liga.kiev.ua> from
"Yuri Kuzmenko" at Dec 27, 99 09:31:15 pm
> Non-root users can change the SPEED of shaped interface. I.e., usual user
> can run "shapecfg speed shaper0 XXX" with success result. In my case
> non-root user increases speed of shaped interface to my proxy server. Yep,
> NO ANY suid's on `which shapecfg`. It's has 0755 permission.
>
This was reported a while ago and is already fixed in 2.2.14pre. Pick up the
patch from that to drivers/net/shaper.c. It is the only change needed.
Alan
