From f9b9503e757b5fc69ab93bc1e4f7e80de85f0831 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Tue, 24 Aug 2010 20:43:59 +0200
Subject: Base access decisions only on capable(), not euid

---
 ncr-key.c | 2 +-
 ncr.c     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ncr-key.c b/ncr-key.c
index 3860f7f..a7019f5 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -311,7 +311,7 @@ fail:
 
 int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
 {
-	if (current_euid() != 0 && (flags & NCR_KEY_FLAG_WRAPPING) != 0)
+	if (!capable(CAP_SYS_ADMIN) && (flags & NCR_KEY_FLAG_WRAPPING) != 0)
 		return -EPERM;
 	item->flags = flags;
 	return 0;
diff --git a/ncr.c b/ncr.c
index 615b29d..f9f6026 100644
--- a/ncr.c
+++ b/ncr.c
@@ -79,7 +79,7 @@ static int ncr_master_key_set(void __user *arg)
 {
 struct ncr_master_key_st st;
 
-	if (current_euid() != 0 && !capable(CAP_SYS_ADMIN)) {
+	if (!capable(CAP_SYS_ADMIN)) {
 		err();
 		return -EPERM;
 	}
-- 
cgit