aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@evo.osdl.org>2006-07-15 15:26:45 -0400
committerLinus Torvalds <torvalds@evo.osdl.org>2006-07-15 15:26:45 -0400
commit6d76fa58b050044994fe25f8753b8023f2b36737 (patch)
tree86964d8aeb297fe4346f73d812519646c7fdca20 /fs
parent92d032855e64834283de5acfb0463232e0ab128e (diff)
Don't allow chmod() on the /proc/<pid>/ files
This just turns off chmod() on the /proc/<pid>/ files, since there is no good reason to allow it, and had we disallowed it originally, the nasty /proc race exploit wouldn't have been possible. The other patches already fixed the problem chmod() could cause, so this is really just some final mop-up.. This particular version is based off a patch by Eugene and Marcel which had much better naming than my original equivalent one. Signed-off-by: Eugene Teo <eteo@redhat.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/proc/base.c31
1 files changed, 30 insertions, 1 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 474eae345068..fe8d55fb17cc 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -551,6 +551,27 @@ static int proc_fd_access_allowed(struct inode *inode)
551 return allowed; 551 return allowed;
552} 552}
553 553
554static int proc_setattr(struct dentry *dentry, struct iattr *attr)
555{
556 int error;
557 struct inode *inode = dentry->d_inode;
558
559 if (attr->ia_valid & ATTR_MODE)
560 return -EPERM;
561
562 error = inode_change_ok(inode, attr);
563 if (!error) {
564 error = security_inode_setattr(dentry, attr);
565 if (!error)
566 error = inode_setattr(inode, attr);
567 }
568 return error;
569}
570
571static struct inode_operations proc_def_inode_operations = {
572 .setattr = proc_setattr,
573};
574
554extern struct seq_operations mounts_op; 575extern struct seq_operations mounts_op;
555struct proc_mounts { 576struct proc_mounts {
556 struct seq_file m; 577 struct seq_file m;
@@ -1111,7 +1132,8 @@ out:
1111 1132
1112static struct inode_operations proc_pid_link_inode_operations = { 1133static struct inode_operations proc_pid_link_inode_operations = {
1113 .readlink = proc_pid_readlink, 1134 .readlink = proc_pid_readlink,
1114 .follow_link = proc_pid_follow_link 1135 .follow_link = proc_pid_follow_link,
1136 .setattr = proc_setattr,
1115}; 1137};
1116 1138
1117static int proc_readfd(struct file * filp, void * dirent, filldir_t filldir) 1139static int proc_readfd(struct file * filp, void * dirent, filldir_t filldir)
@@ -1285,6 +1307,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
1285 ei = PROC_I(inode); 1307 ei = PROC_I(inode);
1286 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; 1308 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
1287 inode->i_ino = fake_ino(task->pid, ino); 1309 inode->i_ino = fake_ino(task->pid, ino);
1310 inode->i_op = &proc_def_inode_operations;
1288 1311
1289 /* 1312 /*
1290 * grab the reference to task. 1313 * grab the reference to task.
@@ -1529,11 +1552,13 @@ static struct file_operations proc_task_operations = {
1529 */ 1552 */
1530static struct inode_operations proc_fd_inode_operations = { 1553static struct inode_operations proc_fd_inode_operations = {
1531 .lookup = proc_lookupfd, 1554 .lookup = proc_lookupfd,
1555 .setattr = proc_setattr,
1532}; 1556};
1533 1557
1534static struct inode_operations proc_task_inode_operations = { 1558static struct inode_operations proc_task_inode_operations = {
1535 .lookup = proc_task_lookup, 1559 .lookup = proc_task_lookup,
1536 .getattr = proc_task_getattr, 1560 .getattr = proc_task_getattr,
1561 .setattr = proc_setattr,
1537}; 1562};
1538 1563
1539#ifdef CONFIG_SECURITY 1564#ifdef CONFIG_SECURITY
@@ -1847,11 +1872,13 @@ static struct file_operations proc_tid_base_operations = {
1847static struct inode_operations proc_tgid_base_inode_operations = { 1872static struct inode_operations proc_tgid_base_inode_operations = {
1848 .lookup = proc_tgid_base_lookup, 1873 .lookup = proc_tgid_base_lookup,
1849 .getattr = pid_getattr, 1874 .getattr = pid_getattr,
1875 .setattr = proc_setattr,
1850}; 1876};
1851 1877
1852static struct inode_operations proc_tid_base_inode_operations = { 1878static struct inode_operations proc_tid_base_inode_operations = {
1853 .lookup = proc_tid_base_lookup, 1879 .lookup = proc_tid_base_lookup,
1854 .getattr = pid_getattr, 1880 .getattr = pid_getattr,
1881 .setattr = proc_setattr,
1855}; 1882};
1856 1883
1857#ifdef CONFIG_SECURITY 1884#ifdef CONFIG_SECURITY
@@ -1894,11 +1921,13 @@ static struct dentry *proc_tid_attr_lookup(struct inode *dir,
1894static struct inode_operations proc_tgid_attr_inode_operations = { 1921static struct inode_operations proc_tgid_attr_inode_operations = {
1895 .lookup = proc_tgid_attr_lookup, 1922 .lookup = proc_tgid_attr_lookup,
1896 .getattr = pid_getattr, 1923 .getattr = pid_getattr,
1924 .setattr = proc_setattr,
1897}; 1925};
1898 1926
1899static struct inode_operations proc_tid_attr_inode_operations = { 1927static struct inode_operations proc_tid_attr_inode_operations = {
1900 .lookup = proc_tid_attr_lookup, 1928 .lookup = proc_tid_attr_lookup,
1901 .getattr = pid_getattr, 1929 .getattr = pid_getattr,
1930 .setattr = proc_setattr,
1902}; 1931};
1903#endif 1932#endif
1904 1933