diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2017-01-09 10:07:31 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-01-09 10:07:31 -0500 |
commit | b21507e272627c434e8dd74e8d51fd8245281b59 (patch) | |
tree | 3c8453724f6429e2bae5cd3cc9266104c2e6feea /fs/proc | |
parent | be0554c9bf9f7cc96f5205df8f8bd3573b74320e (diff) | |
download | op-kernel-dev-b21507e272627c434e8dd74e8d51fd8245281b59.zip op-kernel-dev-b21507e272627c434e8dd74e8d51fd8245281b59.tar.gz |
proc,security: move restriction on writing /proc/pid/attr nodes to proc
Processes can only alter their own security attributes via
/proc/pid/attr nodes. This is presently enforced by each individual
security module and is also imposed by the Linux credentials
implementation, which only allows a task to alter its own credentials.
Move the check enforcing this restriction from the individual
security modules to proc_pid_attr_write() before calling the security hook,
and drop the unnecessary task argument to the security hook since it can
only ever be the current task.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'fs/proc')
-rw-r--r-- | fs/proc/base.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 8e7e61b..988c5a7 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2488,6 +2488,12 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, length = -ESRCH; if (!task) goto out_no_task; + + /* A task may only write its own attributes. */ + length = -EACCES; + if (current != task) + goto out; + if (count > PAGE_SIZE) count = PAGE_SIZE; @@ -2503,14 +2509,13 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, } /* Guard against adverse ptrace interaction */ - length = mutex_lock_interruptible(&task->signal->cred_guard_mutex); + length = mutex_lock_interruptible(¤t->signal->cred_guard_mutex); if (length < 0) goto out_free; - length = security_setprocattr(task, - (char*)file->f_path.dentry->d_name.name, + length = security_setprocattr(file->f_path.dentry->d_name.name, page, count); - mutex_unlock(&task->signal->cred_guard_mutex); + mutex_unlock(¤t->signal->cred_guard_mutex); out_free: kfree(page); out: |