diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2008-07-15 21:03:57 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-07-26 20:53:14 -0400 |
| commit | e6305c43eda10ebfd2ad9e35d6e172ccc7bb3695 (patch) | |
| tree | 8a95bd0e27fb3ce895cca9ef91af2e1605e4cdab /kernel/sysctl.c | |
| parent | 1bd5191d9f5d1928c4efdf604c4164b04bb88dbe (diff) | |
[PATCH] sanitize ->permission() prototype
* kill nameidata * argument; map the 3 bits in ->flags anybody cares
about to new MAY_... ones and pass with the mask.
* kill redundant gfs2_iop_permission()
* sanitize ecryptfs_permission()
* fix remaining places where ->permission() instances might barf on new
MAY_... found in mask.
The obvious next target in that direction is permission(9)
folded fix for nfs_permission() breakage from Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/sysctl.c')
| -rw-r--r-- | kernel/sysctl.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index ff5abcca5ddf..911d846f0503 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -1516,9 +1516,9 @@ static int do_sysctl_strategy(struct ctl_table_root *root, | |||
| 1516 | int op = 0, rc; | 1516 | int op = 0, rc; |
| 1517 | 1517 | ||
| 1518 | if (oldval) | 1518 | if (oldval) |
| 1519 | op |= 004; | 1519 | op |= MAY_READ; |
| 1520 | if (newval) | 1520 | if (newval) |
| 1521 | op |= 002; | 1521 | op |= MAY_WRITE; |
| 1522 | if (sysctl_perm(root, table, op)) | 1522 | if (sysctl_perm(root, table, op)) |
| 1523 | return -EPERM; | 1523 | return -EPERM; |
| 1524 | 1524 | ||
| @@ -1560,7 +1560,7 @@ repeat: | |||
| 1560 | if (n == table->ctl_name) { | 1560 | if (n == table->ctl_name) { |
| 1561 | int error; | 1561 | int error; |
| 1562 | if (table->child) { | 1562 | if (table->child) { |
| 1563 | if (sysctl_perm(root, table, 001)) | 1563 | if (sysctl_perm(root, table, MAY_EXEC)) |
| 1564 | return -EPERM; | 1564 | return -EPERM; |
| 1565 | name++; | 1565 | name++; |
| 1566 | nlen--; | 1566 | nlen--; |
| @@ -1635,7 +1635,7 @@ static int test_perm(int mode, int op) | |||
| 1635 | mode >>= 6; | 1635 | mode >>= 6; |
| 1636 | else if (in_egroup_p(0)) | 1636 | else if (in_egroup_p(0)) |
| 1637 | mode >>= 3; | 1637 | mode >>= 3; |
| 1638 | if ((mode & op & 0007) == op) | 1638 | if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0) |
| 1639 | return 0; | 1639 | return 0; |
| 1640 | return -EACCES; | 1640 | return -EACCES; |
| 1641 | } | 1641 | } |
| @@ -1645,7 +1645,7 @@ int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op) | |||
| 1645 | int error; | 1645 | int error; |
| 1646 | int mode; | 1646 | int mode; |
| 1647 | 1647 | ||
| 1648 | error = security_sysctl(table, op); | 1648 | error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC)); |
| 1649 | if (error) | 1649 | if (error) |
| 1650 | return error; | 1650 | return error; |
| 1651 | 1651 | ||