Commit 5db60db6 authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Adrian Bunk

Don't allow chmod() on the /proc/<pid>/ files

This just turns off chmod() on the /proc/<pid>/ files, since there is no
good reason to allow it, and had we disallowed it originally, the nasty
/proc race exploit wouldn't have been possible.

The other patches already fixed the problem chmod() could cause, so this
is really just some final mop-up..

This particular version is based off a patch by Eugene and Marcel which
had much better naming than my original equivalent one.
Signed-off-by: default avatarEugene Teo <eteo@redhat.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
parent 5f4b6b03
...@@ -590,6 +590,27 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd) ...@@ -590,6 +590,27 @@ static int proc_permission(struct inode *inode, int mask, struct nameidata *nd)
return proc_check_root(inode); return proc_check_root(inode);
} }
static int proc_setattr(struct dentry *dentry, struct iattr *attr)
{
int error;
struct inode *inode = dentry->d_inode;
if (attr->ia_valid & ATTR_MODE)
return -EPERM;
error = inode_change_ok(inode, attr);
if (!error) {
error = security_inode_setattr(dentry, attr);
if (!error)
error = inode_setattr(inode, attr);
}
return error;
}
static struct inode_operations proc_def_inode_operations = {
.setattr = proc_setattr,
};
static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd) static int proc_task_permission(struct inode *inode, int mask, struct nameidata *nd)
{ {
struct dentry *root; struct dentry *root;
...@@ -949,6 +970,7 @@ static struct file_operations proc_oom_adjust_operations = { ...@@ -949,6 +970,7 @@ static struct file_operations proc_oom_adjust_operations = {
static struct inode_operations proc_mem_inode_operations = { static struct inode_operations proc_mem_inode_operations = {
.permission = proc_permission, .permission = proc_permission,
.setattr = proc_setattr,
}; };
#ifdef CONFIG_AUDITSYSCALL #ifdef CONFIG_AUDITSYSCALL
...@@ -1146,7 +1168,8 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b ...@@ -1146,7 +1168,8 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
static struct inode_operations proc_pid_link_inode_operations = { static struct inode_operations proc_pid_link_inode_operations = {
.readlink = proc_pid_readlink, .readlink = proc_pid_readlink,
.follow_link = proc_pid_follow_link .follow_link = proc_pid_follow_link,
.setattr = proc_setattr,
}; };
#define NUMBUF 10 #define NUMBUF 10
...@@ -1318,6 +1341,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st ...@@ -1318,6 +1341,7 @@ static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_st
ei->task = NULL; ei->task = NULL;
inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME; inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
inode->i_ino = fake_ino(task->pid, ino); inode->i_ino = fake_ino(task->pid, ino);
inode->i_op = &proc_def_inode_operations;
if (!pid_alive(task)) if (!pid_alive(task))
goto out_unlock; goto out_unlock;
...@@ -1541,11 +1565,13 @@ static struct file_operations proc_task_operations = { ...@@ -1541,11 +1565,13 @@ static struct file_operations proc_task_operations = {
static struct inode_operations proc_fd_inode_operations = { static struct inode_operations proc_fd_inode_operations = {
.lookup = proc_lookupfd, .lookup = proc_lookupfd,
.permission = proc_permission, .permission = proc_permission,
.setattr = proc_setattr,
}; };
static struct inode_operations proc_task_inode_operations = { static struct inode_operations proc_task_inode_operations = {
.lookup = proc_task_lookup, .lookup = proc_task_lookup,
.permission = proc_task_permission, .permission = proc_task_permission,
.setattr = proc_setattr,
}; };
#ifdef CONFIG_SECURITY #ifdef CONFIG_SECURITY
...@@ -1831,10 +1857,12 @@ static struct file_operations proc_tid_base_operations = { ...@@ -1831,10 +1857,12 @@ static struct file_operations proc_tid_base_operations = {
static struct inode_operations proc_tgid_base_inode_operations = { static struct inode_operations proc_tgid_base_inode_operations = {
.lookup = proc_tgid_base_lookup, .lookup = proc_tgid_base_lookup,
.setattr = proc_setattr,
}; };
static struct inode_operations proc_tid_base_inode_operations = { static struct inode_operations proc_tid_base_inode_operations = {
.lookup = proc_tid_base_lookup, .lookup = proc_tid_base_lookup,
.setattr = proc_setattr,
}; };
#ifdef CONFIG_SECURITY #ifdef CONFIG_SECURITY
...@@ -1876,10 +1904,12 @@ static struct dentry *proc_tid_attr_lookup(struct inode *dir, ...@@ -1876,10 +1904,12 @@ static struct dentry *proc_tid_attr_lookup(struct inode *dir,
static struct inode_operations proc_tgid_attr_inode_operations = { static struct inode_operations proc_tgid_attr_inode_operations = {
.lookup = proc_tgid_attr_lookup, .lookup = proc_tgid_attr_lookup,
.setattr = proc_setattr,
}; };
static struct inode_operations proc_tid_attr_inode_operations = { static struct inode_operations proc_tid_attr_inode_operations = {
.lookup = proc_tid_attr_lookup, .lookup = proc_tid_attr_lookup,
.setattr = proc_setattr,
}; };
#endif #endif
...@@ -1904,6 +1934,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) ...@@ -1904,6 +1934,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
static struct inode_operations proc_self_inode_operations = { static struct inode_operations proc_self_inode_operations = {
.readlink = proc_self_readlink, .readlink = proc_self_readlink,
.follow_link = proc_self_follow_link, .follow_link = proc_self_follow_link,
.setattr = proc_setattr,
}; };
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment