[PATCH] Only disallow _setting_ of function key string

Mikael Pettersson <mikpe@csd.uu.se> noted that the current 2.6-git (and 2.4)
patch to disallow KDSKBSENT for unpriviledged users should be less restrictive
allowing reading of current function key string entry, but not writing.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/drivers/char/vt_ioctl.c b/drivers/char/vt_ioctl.c
index 003dda147cd093a226d52a485d7b98d64186874d..24011e7c81ff72fa6bade2d7c889c8a0c2c48c5a 100644 (file)
--- a/drivers/char/vt_ioctl.c
+++ b/drivers/char/vt_ioctl.c
@@ -80,6 +80,9 @@ do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_str
        if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
                return -EFAULT;
 
+       if (!capable(CAP_SYS_TTY_CONFIG))
+               perm = 0;
+
        switch (cmd) {
        case KDGKBENT:
                key_map = key_maps[s];
@@ -193,7 +196,7 @@ do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
        int ret;
 
        if (!capable(CAP_SYS_TTY_CONFIG))
-               return -EPERM;
+               perm = 0;
 
        kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
        if (!kbs) {