diff options
Diffstat (limited to 'ipc/shm.c')
| -rw-r--r-- | ipc/shm.c | 19 |
1 files changed, 16 insertions, 3 deletions
| @@ -13,6 +13,8 @@ | |||
| 13 | * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> | 13 | * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> |
| 14 | * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> | 14 | * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> |
| 15 | * | 15 | * |
| 16 | * support for audit of ipc object properties and permission changes | ||
| 17 | * Dustin Kirkland <dustin.kirkland@us.ibm.com> | ||
| 16 | */ | 18 | */ |
| 17 | 19 | ||
| 18 | #include <linux/config.h> | 20 | #include <linux/config.h> |
| @@ -542,6 +544,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
| 542 | if(err) | 544 | if(err) |
| 543 | goto out_unlock; | 545 | goto out_unlock; |
| 544 | 546 | ||
| 547 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
| 548 | if (err) | ||
| 549 | goto out_unlock; | ||
| 550 | |||
| 545 | if (!capable(CAP_IPC_LOCK)) { | 551 | if (!capable(CAP_IPC_LOCK)) { |
| 546 | err = -EPERM; | 552 | err = -EPERM; |
| 547 | if (current->euid != shp->shm_perm.uid && | 553 | if (current->euid != shp->shm_perm.uid && |
| @@ -594,6 +600,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
| 594 | if(err) | 600 | if(err) |
| 595 | goto out_unlock_up; | 601 | goto out_unlock_up; |
| 596 | 602 | ||
| 603 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
| 604 | if (err) | ||
| 605 | goto out_unlock_up; | ||
| 606 | |||
| 597 | if (current->euid != shp->shm_perm.uid && | 607 | if (current->euid != shp->shm_perm.uid && |
| 598 | current->euid != shp->shm_perm.cuid && | 608 | current->euid != shp->shm_perm.cuid && |
| 599 | !capable(CAP_SYS_ADMIN)) { | 609 | !capable(CAP_SYS_ADMIN)) { |
| @@ -627,12 +637,15 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
| 627 | err=-EINVAL; | 637 | err=-EINVAL; |
| 628 | if(shp==NULL) | 638 | if(shp==NULL) |
| 629 | goto out_up; | 639 | goto out_up; |
| 630 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, | ||
| 631 | setbuf.mode, &(shp->shm_perm)))) | ||
| 632 | goto out_unlock_up; | ||
| 633 | err = shm_checkid(shp,shmid); | 640 | err = shm_checkid(shp,shmid); |
| 634 | if(err) | 641 | if(err) |
| 635 | goto out_unlock_up; | 642 | goto out_unlock_up; |
| 643 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
| 644 | if (err) | ||
| 645 | goto out_unlock_up; | ||
| 646 | err = audit_ipc_set_perm(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm)); | ||
| 647 | if (err) | ||
| 648 | goto out_unlock_up; | ||
| 636 | err=-EPERM; | 649 | err=-EPERM; |
| 637 | if (current->euid != shp->shm_perm.uid && | 650 | if (current->euid != shp->shm_perm.uid && |
| 638 | current->euid != shp->shm_perm.cuid && | 651 | current->euid != shp->shm_perm.cuid && |