aboutsummaryrefslogtreecommitdiffstats
path: root/fs/sysfs
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2007-04-26 03:12:05 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2007-04-27 13:57:33 -0400
commit057f6c019fff9ee290641d50647359bb8898918e (patch)
treec051a915e2038825dd2f50f24fc28abb3c4a5e79 /fs/sysfs
parent523ded71de0c5e66973335bf99a80edfda9f401b (diff)
security: prevent permission checking of file removal via sysfs_remove_group()
Prevent permission checking from being performed when the kernel wants to unconditionally remove a sysfs group, by introducing an kernel-only variant of lookup_one_len(), lookup_one_len_kern(). Additionally, as sysfs_remove_group() does not check the return value of the lookup before using it, a BUG_ON has been added to pinpoint the cause of any problems potentially caused by this (and as a form of annotation). Signed-off-by: James Morris <jmorris@namei.org> Cc: Nagendra Singh Tomar <nagendra_tomar@adaptec.com> Cc: Tejun Heo <htejun@gmail.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs/sysfs')
-rw-r--r--fs/sysfs/group.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/sysfs/group.c b/fs/sysfs/group.c
index b20951c93761..52eed2a7a5ef 100644
--- a/fs/sysfs/group.c
+++ b/fs/sysfs/group.c
@@ -70,9 +70,11 @@ void sysfs_remove_group(struct kobject * kobj,
70{ 70{
71 struct dentry * dir; 71 struct dentry * dir;
72 72
73 if (grp->name) 73 if (grp->name) {
74 dir = lookup_one_len(grp->name, kobj->dentry, 74 dir = lookup_one_len_kern(grp->name, kobj->dentry,
75 strlen(grp->name)); 75 strlen(grp->name));
76 BUG_ON(IS_ERR(dir));
77 }
76 else 78 else
77 dir = dget(kobj->dentry); 79 dir = dget(kobj->dentry);
78 80