kernel (traffic shaper)


    Linux 2.2.13


    Yuri Kuzmenko found following.  Standard traffic shaper in  2.2.13
    kernel is a  very simple and  cool thing.   But speed of  shapered
    device successfully  configured by  non-root user.   This is  very
    bad...  I.e., usual user can run "shapecfg speed shaper0 XXX" with
    success result.  In testing case non-root user increases speed  of
    shaped interface to testing proxy  server.  Yep, NO ANY  suid's on
    `which shapecfg`.   It's has 0755  permission.  All  if this means
    that traffic shaper in insecure  because can be configured by  any
    user with shell account.

    Also, traffic shaper works correctly only when it's compiled as  a
    module.  But one can select in "make menuconfig" to compile shaper
    into kernel (2.2.13).   So, result is  kernel trap when  first use
    of shaped interface.  Maybe second bug is not a shaper issue,  but
    "make menuconfig" should be fixed.


    This was reported a while  ago and is already fixed  in 2.2.14pre.
    Pick up  the patch  from that  to drivers/net/shaper.c.  It is the
    only change needed.