authorAl Viro <viro@zeniv.linux.org.uk>2008-07-15 21:03:57 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-07-26 20:53:14 -0400
commite6305c43eda10ebfd2ad9e35d6e172ccc7bb3695 (patch)
tree8a95bd0e27fb3ce895cca9ef91af2e1605e4cdab /kernel/sysctl.c
parent1bd5191d9f5d1928c4efdf604c4164b04bb88dbe (diff)
[PATCH] sanitize ->permission() prototype
* kill nameidata * argument; map the 3 bits in ->flags anybody cares about to new MAY_... ones and pass with the mask.
* kill redundant gfs2_iop_permission()
* sanitize ecryptfs_permission()
* fix remaining places where ->permission() instances might barf on new MAY_... found in mask.

The obvious next target in that direction is permission(9)

folded fix for nfs_permission() breakage from Miklos Szeredi <mszeredi@suse.cz>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/sysctl.c')
-rw-r--r--kernel/sysctl.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index ff5abcca5ddf..911d846f0503 100644
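--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1516,9 +1516,9 @@ static int do_sysctl_strategy(struct ctl_table_root *root,
 int op = 0, rc;
 
 if (oldval)
-op |= 004;
+op |= MAY_READ;
 if (newval)
-op |= 002;
+op |= MAY_WRITE;
 if (sysctl_perm(root, table, op))
 return -EPERM;
 
@@ -1560,7 +1560,7 @@ repeat:
 if (n == table->ctl_name) {
 int error;
 if (table->child) {
-if (sysctl_perm(root, table, 001))
+if (sysctl_perm(root, table, MAY_EXEC))
 return -EPERM;
 name++;
 nlen--;
@@ -1635,7 +1635,7 @@ static int test_perm(int mode, int op)
 mode >>= 6;
 else if (in_egroup_p(0))
 mode >>= 3;
-if ((mode & op & 0007) == op)
+if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0)
 return 0;
 return -EACCES;
 }
@@ -1645,7 +1645,7 @@ int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
 int error;
 int mode;
 
-error = security_sysctl(table, op);
+error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
 if (error)
 return error;
 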
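Review bot: In test_perm (hunk at 1635) the new test `(op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0` ignores any bit of `op` outside read/write/exec, whereas the old `(mode & op & 0007) == op` returned -EACCES for a request carrying such a bit. The commit message suggests this is deliberate, so that the new MAY_... bits passed in the mask do not cause failures, but the code itself does not say that the check now passes unknown request bits. A one-line comment above the test would record the intent, e.g. `/* only rwx is checked against mode; any other MAY_* bits in op are ignored */`. The same three-flag mask is spelled out again in sysctl_perm (hunk at 1645); masking once with `op &= MAY_READ | MAY_WRITE | MAY_EXEC;` at the top of sysctl_perm might cover both uses, but the start of test_perm and the rest of sysctl_perm lie outside the hunks, so that would need checking against the full functions.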