summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2006-07-16 02:20:53 +0200
committerGreg Kroah-Hartman <gregkh@suse.de>2006-08-06 20:52:13 -0700
commit7e92c4788d4bbc03d00553dda3c3572b33ae0d2b (patch)
tree50f3aadc9b1bd470e8e768f610cd03e12b2d8321
parentef2a8a41fdd6f0c8079e6fd4cad1eebdce99aa9a (diff)
downloadlinux-stable-7e92c4788d4bbc03d00553dda3c3572b33ae0d2b.tar.gz
linux-stable-7e92c4788d4bbc03d00553dda3c3572b33ae0d2b.tar.bz2
linux-stable-7e92c4788d4bbc03d00553dda3c3572b33ae0d2b.zip
Don't allow chmod() on the /proc/<pid>/ files
Don't allow chmod() on the /proc/<pid>/ files This just turns off chmod() on the /proc/<pid>/ files, since there is no good reason to allow it, and had we disallowed it originally, the nasty /proc race exploit wouldn't have been possible. The other patches already fixed the problem chmod() could cause, so this is really just some final mop-up.. This particular version is based off a patch by Eugene and Marcel which had much better naming than my original equivalent one. Signed-off-by: Eugene Teo <eteo@redhat.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--fs/proc/base.c33
1 files changed, 32 insertions, 1 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index f801693f6b14..a3b825f4e9a3 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -596,6 +596,27 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd)
return proc_check_root(inode);
}
+static int proc_setattr(struct dentry *dentry, struct iattr *attr)
+{
+ int error;
+ struct inode *inode = dentry->d_inode;
+
+ if (attr->ia_valid & ATTR_MODE)
+ return -EPERM;
+
+ error = inode_change_ok(inode, attr);
+ if (!error) {
+ error = security_inode_setattr(dentry, attr);
+ if (!error)
+ error = inode_setattr(inode, attr);
+ }
+ return error;
+}
+
+static struct inode_operations proc_def_inode_operations = {
+ .setattr = proc_setattr,
+};
+
static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd)
{
struct dentry *root;
@@ -987,6 +1008,7 @@ static struct file_operations proc_oom_adjust_operations = {
static struct inode_operations proc_mem_inode_operations = {
.permission = proc_permission,
+ .setattr = proc_setattr,
};
#ifdef CONFIG_AUDITSYSCALL
@@ -1184,7 +1206,8 @@ out:
static struct inode_operations proc_pid_link_inode_operations = {
.readlink = proc_pid_readlink,
- .follow_link = proc_pid_follow_link
+ .follow_link = proc_pid_follow_link,
+ .setattr = proc_setattr,
};
#define NUMBUF 10
@@ -1356,6 +1379,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
ei->task = NULL;
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
inode->i_ino = fake_ino(task->pid, ino);
+ inode->i_op = &proc_def_inode_operations;
if (!pid_alive(task))
goto out_unlock;
@@ -1579,11 +1603,13 @@ static struct file_operations proc_task_operations = {
static struct inode_operations proc_fd_inode_operations = {
.lookup = proc_lookupfd,
.permission = proc_permission,
+ .setattr = proc_setattr,
};
static struct inode_operations proc_task_inode_operations = {
.lookup = proc_task_lookup,
.permission = proc_task_permission,
+ .setattr = proc_setattr,
};
#ifdef CONFIG_SECURITY
@@ -1873,10 +1899,12 @@ static struct file_operations proc_tid_base_operations = {
static struct inode_operations proc_tgid_base_inode_operations = {
.lookup = proc_tgid_base_lookup,
+ .setattr = proc_setattr,
};
static struct inode_operations proc_tid_base_inode_operations = {
.lookup = proc_tid_base_lookup,
+ .setattr = proc_setattr,
};
#ifdef CONFIG_SECURITY
@@ -1918,10 +1946,12 @@ static struct dentry *proc_tid_attr_lookup(struct inode *dir,
static struct inode_operations proc_tgid_attr_inode_operations = {
.lookup = proc_tgid_attr_lookup,
+ .setattr = proc_setattr,
};
static struct inode_operations proc_tid_attr_inode_operations = {
.lookup = proc_tid_attr_lookup,
+ .setattr = proc_setattr,
};
#endif
@@ -1946,6 +1976,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
static struct inode_operations proc_self_inode_operations = {
.readlink = proc_self_readlink,
.follow_link = proc_self_follow_link,
+ .setattr = proc_setattr,
};
/**