diff options
author | Linus Torvalds <torvalds@evo.osdl.org> | 2006-07-15 15:26:45 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@evo.osdl.org> | 2006-07-15 15:26:45 -0400 |
commit | 6d76fa58b050044994fe25f8753b8023f2b36737 (patch) | |
tree | 86964d8aeb297fe4346f73d812519646c7fdca20 /fs | |
parent | 92d032855e64834283de5acfb0463232e0ab128e (diff) |
Don't allow chmod() on the /proc/<pid>/ files
This just turns off chmod() on the /proc/<pid>/ files, since there is no
good reason to allow it, and had we disallowed it originally, the nasty
/proc race exploit wouldn't have been possible.
The other patches already fixed the problem chmod() could cause, so this
is really just some final mop-up..
This particular version is based off a patch by Eugene and Marcel which
had much better naming than my original equivalent one.
Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/proc/base.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 474eae345068..fe8d55fb17cc 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
@@ -551,6 +551,27 @@ static int proc_fd_access_allowed(struct inode *inode) | |||
551 | return allowed; | 551 | return allowed; |
552 | } | 552 | } |
553 | 553 | ||
554 | static int proc_setattr(struct dentry *dentry, struct iattr *attr) | ||
555 | { | ||
556 | int error; | ||
557 | struct inode *inode = dentry->d_inode; | ||
558 | |||
559 | if (attr->ia_valid & ATTR_MODE) | ||
560 | return -EPERM; | ||
561 | |||
562 | error = inode_change_ok(inode, attr); | ||
563 | if (!error) { | ||
564 | error = security_inode_setattr(dentry, attr); | ||
565 | if (!error) | ||
566 | error = inode_setattr(inode, attr); | ||
567 | } | ||
568 | return error; | ||
569 | } | ||
570 | |||
571 | static struct inode_operations proc_def_inode_operations = { | ||
572 | .setattr = proc_setattr, | ||
573 | }; | ||
574 | |||
554 | extern struct seq_operations mounts_op; | 575 | extern struct seq_operations mounts_op; |
555 | struct proc_mounts { | 576 | struct proc_mounts { |
556 | struct seq_file m; | 577 | struct seq_file m; |
@@ -1111,7 +1132,8 @@ out: | |||
1111 | 1132 | ||
1112 | static struct inode_operations proc_pid_link_inode_operations = { | 1133 | static struct inode_operations proc_pid_link_inode_operations = { |
1113 | .readlink = proc_pid_readlink, | 1134 | .readlink = proc_pid_readlink, |
1114 | .follow_link = proc_pid_follow_link | 1135 | .follow_link = proc_pid_follow_link, |
1136 | .setattr = proc_setattr, | ||
1115 | }; | 1137 | }; |
1116 | 1138 | ||
1117 | static int proc_readfd(struct file * filp, void * dirent, filldir_t filldir) | 1139 | static int proc_readfd(struct file * filp, void * dirent, filldir_t filldir) |
@@ -1285,6 +1307,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st | |||
1285 | ei = PROC_I(inode); | 1307 | ei = PROC_I(inode); |
1286 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; | 1308 | inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; |
1287 | inode->i_ino = fake_ino(task->pid, ino); | 1309 | inode->i_ino = fake_ino(task->pid, ino); |
1310 | inode->i_op = &proc_def_inode_operations; | ||
1288 | 1311 | ||
1289 | /* | 1312 | /* |
1290 | * grab the reference to task. | 1313 | * grab the reference to task. |
@@ -1529,11 +1552,13 @@ static struct file_operations proc_task_operations = { | |||
1529 | */ | 1552 | */ |
1530 | static struct inode_operations proc_fd_inode_operations = { | 1553 | static struct inode_operations proc_fd_inode_operations = { |
1531 | .lookup = proc_lookupfd, | 1554 | .lookup = proc_lookupfd, |
1555 | .setattr = proc_setattr, | ||
1532 | }; | 1556 | }; |
1533 | 1557 | ||
1534 | static struct inode_operations proc_task_inode_operations = { | 1558 | static struct inode_operations proc_task_inode_operations = { |
1535 | .lookup = proc_task_lookup, | 1559 | .lookup = proc_task_lookup, |
1536 | .getattr = proc_task_getattr, | 1560 | .getattr = proc_task_getattr, |
1561 | .setattr = proc_setattr, | ||
1537 | }; | 1562 | }; |
1538 | 1563 | ||
1539 | #ifdef CONFIG_SECURITY | 1564 | #ifdef CONFIG_SECURITY |
@@ -1847,11 +1872,13 @@ static struct file_operations proc_tid_base_operations = { | |||
1847 | static struct inode_operations proc_tgid_base_inode_operations = { | 1872 | static struct inode_operations proc_tgid_base_inode_operations = { |
1848 | .lookup = proc_tgid_base_lookup, | 1873 | .lookup = proc_tgid_base_lookup, |
1849 | .getattr = pid_getattr, | 1874 | .getattr = pid_getattr, |
1875 | .setattr = proc_setattr, | ||
1850 | }; | 1876 | }; |
1851 | 1877 | ||
1852 | static struct inode_operations proc_tid_base_inode_operations = { | 1878 | static struct inode_operations proc_tid_base_inode_operations = { |
1853 | .lookup = proc_tid_base_lookup, | 1879 | .lookup = proc_tid_base_lookup, |
1854 | .getattr = pid_getattr, | 1880 | .getattr = pid_getattr, |
1881 | .setattr = proc_setattr, | ||
1855 | }; | 1882 | }; |
1856 | 1883 | ||
1857 | #ifdef CONFIG_SECURITY | 1884 | #ifdef CONFIG_SECURITY |
@@ -1894,11 +1921,13 @@ static struct dentry *proc_tid_attr_lookup(struct inode *dir, | |||
1894 | static struct inode_operations proc_tgid_attr_inode_operations = { | 1921 | static struct inode_operations proc_tgid_attr_inode_operations = { |
1895 | .lookup = proc_tgid_attr_lookup, | 1922 | .lookup = proc_tgid_attr_lookup, |
1896 | .getattr = pid_getattr, | 1923 | .getattr = pid_getattr, |
1924 | .setattr = proc_setattr, | ||
1897 | }; | 1925 | }; |
1898 | 1926 | ||
1899 | static struct inode_operations proc_tid_attr_inode_operations = { | 1927 | static struct inode_operations proc_tid_attr_inode_operations = { |
1900 | .lookup = proc_tid_attr_lookup, | 1928 | .lookup = proc_tid_attr_lookup, |
1901 | .getattr = pid_getattr, | 1929 | .getattr = pid_getattr, |
1930 | .setattr = proc_setattr, | ||
1902 | }; | 1931 | }; |
1903 | #endif | 1932 | #endif |
1904 | 1933 | ||