diff options
author | Marcel Holtmann <marcel@holtmann.org> | 2006-07-16 02:20:53 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-08-06 20:52:13 -0700 |
commit | 7e92c4788d4bbc03d00553dda3c3572b33ae0d2b (patch) | |
tree | 50f3aadc9b1bd470e8e768f610cd03e12b2d8321 | |
parent | ef2a8a41fdd6f0c8079e6fd4cad1eebdce99aa9a (diff) | |
download | linux-stable-7e92c4788d4bbc03d00553dda3c3572b33ae0d2b.tar.gz linux-stable-7e92c4788d4bbc03d00553dda3c3572b33ae0d2b.tar.bz2 linux-stable-7e92c4788d4bbc03d00553dda3c3572b33ae0d2b.zip |
Don't allow chmod() on the /proc/<pid>/ files
Don't allow chmod() on the /proc/<pid>/ files
This just turns off chmod() on the /proc/<pid>/ files, since there is no
good reason to allow it, and had we disallowed it originally, the nasty
/proc race exploit wouldn't have been possible.
The other patches already fixed the problem chmod() could cause, so this
is really just some final mop-up..
This particular version is based off a patch by Eugene and Marcel which
had much better naming than my original equivalent one.
Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/proc/base.c | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index f801693f6b14..a3b825f4e9a3 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -596,6 +596,27 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd) return proc_check_root(inode); } +static int proc_setattr(struct dentry *dentry, struct iattr *attr) +{ + int error; + struct inode *inode = dentry->d_inode; + + if (attr->ia_valid & ATTR_MODE) + return -EPERM; + + error = inode_change_ok(inode, attr); + if (!error) { + error = security_inode_setattr(dentry, attr); + if (!error) + error = inode_setattr(inode, attr); + } + return error; +} + +static struct inode_operations proc_def_inode_operations = { + .setattr = proc_setattr, +}; + static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd) { struct dentry *root; @@ -987,6 +1008,7 @@ static struct file_operations proc_oom_adjust_operations = { static struct inode_operations proc_mem_inode_operations = { .permission = proc_permission, + .setattr = proc_setattr, }; #ifdef CONFIG_AUDITSYSCALL @@ -1184,7 +1206,8 @@ out: static struct inode_operations proc_pid_link_inode_operations = { .readlink = proc_pid_readlink, - .follow_link = proc_pid_follow_link + .follow_link = proc_pid_follow_link, + .setattr = proc_setattr, }; #define NUMBUF 10 @@ -1356,6 +1379,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st ei->task = NULL; inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; inode->i_ino = fake_ino(task->pid, ino); + inode->i_op = &proc_def_inode_operations; if (!pid_alive(task)) goto out_unlock; @@ -1579,11 +1603,13 @@ static struct file_operations proc_task_operations = { static struct inode_operations proc_fd_inode_operations = { .lookup = proc_lookupfd, .permission = proc_permission, + .setattr = proc_setattr, }; static struct inode_operations proc_task_inode_operations = { .lookup = proc_task_lookup, .permission = proc_task_permission, + .setattr = proc_setattr, }; #ifdef CONFIG_SECURITY @@ -1873,10 +1899,12 @@ static struct file_operations proc_tid_base_operations = { static struct inode_operations proc_tgid_base_inode_operations = { .lookup = proc_tgid_base_lookup, + .setattr = proc_setattr, }; static struct inode_operations proc_tid_base_inode_operations = { .lookup = proc_tid_base_lookup, + .setattr = proc_setattr, }; #ifdef CONFIG_SECURITY @@ -1918,10 +1946,12 @@ static struct dentry *proc_tid_attr_lookup(struct inode *dir, static struct inode_operations proc_tgid_attr_inode_operations = { .lookup = proc_tgid_attr_lookup, + .setattr = proc_setattr, }; static struct inode_operations proc_tid_attr_inode_operations = { .lookup = proc_tid_attr_lookup, + .setattr = proc_setattr, }; #endif @@ -1946,6 +1976,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) static struct inode_operations proc_self_inode_operations = { .readlink = proc_self_readlink, .follow_link = proc_self_follow_link, + .setattr = proc_setattr, }; /** |