summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHugh Dickins <hugh@veritas.com>2006-04-17 22:46:32 +0100
committerLinus Torvalds <torvalds@g5.osdl.org>2006-04-17 18:22:18 -0700
commit69cf0fac6052c5bd3fb3469a41d4216e926028f8 (patch)
treef403d0731549835fbf406fa4cd0910d9aec1d953
parente14d95f773b7365b6ba2d2105522c92b007c6db1 (diff)
downloadop-kernel-dev-69cf0fac6052c5bd3fb3469a41d4216e926028f8.zip
op-kernel-dev-69cf0fac6052c5bd3fb3469a41d4216e926028f8.tar.gz
[PATCH] Fix MADV_REMOVE protection checking
madvise_remove needs to respect file and mmap protections. Signed-off-by: Hugh Dickins <hugh@veritas.com> [ Will the real CVE-2006-1524 stand up, please.. ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--mm/madvise.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/mm/madvise.c b/mm/madvise.c
index af3d573..4e19615 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_area_struct *vma,
return -EINVAL;
}
+ if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
+ return -EACCES;
+
mapping = vma->vm_file->f_mapping;
offset = (loff_t)(start - vma->vm_start)
OpenPOWER on IntegriCloud