summaryrefslogtreecommitdiffstats
path: root/fs/proc
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2017-01-09 10:07:31 -0500
committerPaul Moore <paul@paul-moore.com>2017-01-09 10:07:31 -0500
commitb21507e272627c434e8dd74e8d51fd8245281b59 (patch)
tree3c8453724f6429e2bae5cd3cc9266104c2e6feea /fs/proc
parentbe0554c9bf9f7cc96f5205df8f8bd3573b74320e (diff)
downloadlinux-stable-b21507e272627c434e8dd74e8d51fd8245281b59.tar.gz
linux-stable-b21507e272627c434e8dd74e8d51fd8245281b59.tar.bz2
linux-stable-b21507e272627c434e8dd74e8d51fd8245281b59.zip
proc,security: move restriction on writing /proc/pid/attr nodes to proc
Processes can only alter their own security attributes via /proc/pid/attr nodes. This is presently enforced by each individual security module and is also imposed by the Linux credentials implementation, which only allows a task to alter its own credentials. Move the check enforcing this restriction from the individual security modules to proc_pid_attr_write() before calling the security hook, and drop the unnecessary task argument to the security hook since it can only ever be the current task. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/base.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 8e7e61b28f31..988c5a77e888 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2488,6 +2488,12 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
length = -ESRCH;
if (!task)
goto out_no_task;
+
+ /* A task may only write its own attributes. */
+ length = -EACCES;
+ if (current != task)
+ goto out;
+
if (count > PAGE_SIZE)
count = PAGE_SIZE;
@@ -2503,14 +2509,13 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
}
/* Guard against adverse ptrace interaction */
- length = mutex_lock_interruptible(&task->signal->cred_guard_mutex);
+ length = mutex_lock_interruptible(&current->signal->cred_guard_mutex);
if (length < 0)
goto out_free;
- length = security_setprocattr(task,
- (char*)file->f_path.dentry->d_name.name,
+ length = security_setprocattr(file->f_path.dentry->d_name.name,
page, count);
- mutex_unlock(&task->signal->cred_guard_mutex);
+ mutex_unlock(&current->signal->cred_guard_mutex);
out_free:
kfree(page);
out: