procfs permissions on 2.6.x

[Herbert Poetzl]

Hi Andrew!

stumbled over the following detail ...

usually when somebody tries to modify an inode,
notify_change() calls inode_change_ok() to verify
the user's permissions ... now it seems that
somewhere around 2.5.41, a patch similar to this
one was included into the mainline, and remained
almost unmodified ...

http://www.uwsg.iu.edu/hypermail/linux/kernel/0210.1/1002.html

this probably unintentionally circumvents the 
inode_change_ok() check, so that now any user
can modify inodes of the procfs. 

example:

  $ chmod a-rwx /proc/cmdline

the following patch hopefully fixes this, so
please consider for inclusion ...

TIA,
Herbert


diff -NurpP --minimal linux-2.6.7/fs/proc/generic.c linux-2.6.7-fix/fs/proc/generic.c
--- linux-2.6.7/fs/proc/generic.c	2004-06-16 07:20:26.000000000 +0200
+++ linux-2.6.7-fix/fs/proc/generic.c	2004-07-03 21:50:30.000000000 +0200
@@ -241,8 +241,20 @@ static int proc_notify_change(struct den
 	return error;
 }
 
+static int proc_setattr(struct dentry *dentry, struct iattr *iattr)
+{
+        struct inode *inode = dentry->d_inode;
+        int error;
+
+        error = inode_change_ok(inode, iattr);
+        if (error)
+                return error;
+	error = proc_notify_change(dentry, iattr);
+	return error;
+}
+
 static struct inode_operations proc_file_inode_operations = {
-	.setattr	= proc_notify_change,
+	.setattr	= proc_setattr,
 };
 
 /*
@@ -472,7 +484,7 @@ static struct file_operations proc_dir_o
  */
 static struct inode_operations proc_dir_inode_operations = {
 	.lookup		= proc_lookup,
-	.setattr	= proc_notify_change,
+	.setattr	= proc_setattr,
 };
 
 static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/