Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Don't allow chmod() on the /proc/<pid>/ files
This just turns off chmod() on the /proc/<pid>/ files, since there is no
good reason to allow it, and had we disallowed it originally, the nasty
/proc race exploit wouldn't have been possible.
The other patches already fixed the problem chmod() could cause, so this
is really just some final mop-up..
This particular version is based off a patch by Eugene and Marcel which
had much better naming than my original equivalent one.
Signed-off-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+30
-1
+30
-1
fs/proc/base.c
+30
-1
fs/proc/base.c
···
551
551
return allowed;
552
552
}
553
553
554
+
static int proc_setattr(struct dentry *dentry, struct iattr *attr)
555
+
{
556
+
int error;
557
+
struct inode *inode = dentry->d_inode;
558
+
559
+
if (attr->ia_valid & ATTR_MODE)
560
+
return -EPERM;
561
+
562
+
error = inode_change_ok(inode, attr);
563
+
if (!error) {
564
+
error = security_inode_setattr(dentry, attr);
565
+
if (!error)
566
+
error = inode_setattr(inode, attr);
567
+
}
568
+
return error;
569
+
}
570
+
571
+
static struct inode_operations proc_def_inode_operations = {
572
+
.setattr = proc_setattr,
573
+
};
574
+
554
575
extern struct seq_operations mounts_op;
555
576
struct proc_mounts {
556
577
struct seq_file m;
···
1132
1111
1133
1112
static struct inode_operations proc_pid_link_inode_operations = {
1134
1113
.readlink = proc_pid_readlink,
1135
-
.follow_link = proc_pid_follow_link
1114
+
.follow_link = proc_pid_follow_link,
1115
+
.setattr = proc_setattr,
1136
1116
};
1137
1117
1138
1118
static int proc_readfd(struct file * filp, void * dirent, filldir_t filldir)
···
1307
1285
ei = PROC_I(inode);
1308
1286
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
1309
1287
inode->i_ino = fake_ino(task->pid, ino);
1288
+
inode->i_op = &proc_def_inode_operations;
1310
1289
1311
1290
/*
1312
1291
* grab the reference to task.
···
1552
1529
*/
1553
1530
static struct inode_operations proc_fd_inode_operations = {
1554
1531
.lookup = proc_lookupfd,
1532
+
.setattr = proc_setattr,
1555
1533
};
1556
1534
1557
1535
static struct inode_operations proc_task_inode_operations = {
1558
1536
.lookup = proc_task_lookup,
1559
1537
.getattr = proc_task_getattr,
1538
+
.setattr = proc_setattr,
1560
1539
};
1561
1540
1562
1541
#ifdef CONFIG_SECURITY
···
1872
1847
static struct inode_operations proc_tgid_base_inode_operations = {
1873
1848
.lookup = proc_tgid_base_lookup,
1874
1849
.getattr = pid_getattr,
1850
+
.setattr = proc_setattr,
1875
1851
};
1876
1852
1877
1853
static struct inode_operations proc_tid_base_inode_operations = {
1878
1854
.lookup = proc_tid_base_lookup,
1879
1855
.getattr = pid_getattr,
1856
+
.setattr = proc_setattr,
1880
1857
};
1881
1858
1882
1859
#ifdef CONFIG_SECURITY
···
1921
1894
static struct inode_operations proc_tgid_attr_inode_operations = {
1922
1895
.lookup = proc_tgid_attr_lookup,
1923
1896
.getattr = pid_getattr,
1897
+
.setattr = proc_setattr,
1924
1898
};
1925
1899
1926
1900
static struct inode_operations proc_tid_attr_inode_operations = {
1927
1901
.lookup = proc_tid_attr_lookup,
1928
1902
.getattr = pid_getattr,
1903
+
.setattr = proc_setattr,
1929
1904
};
1930
1905
#endif
1931
1906