net: Don't export sysctls to unprivileged users

[deliverable/linux.git] / net / ipv6 / addrconf.c

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index cb803b7bb0d8dc534781ee6c241bd18d88d6e90c..b24b4de5cd26352031258d385b0c315e2edfd53b 100644 (file)
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4735,6 +4735,10 @@ static int __addrconf_sysctl_register(struct net *net, char *dev_name,
                t->addrconf_vars[i].extra2 = net;
        }
 
+       /* Don't export sysctls to unprivileged users */
+       if (net->user_ns != &init_user_ns)
+               t->addrconf_vars[0].procname = NULL;
+
        snprintf(path, sizeof(path), "net/ipv6/conf/%s", dev_name);
 
        t->sysctl_header = register_net_sysctl(net, path, t->addrconf_vars);