summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKostik Belousov <konstantin.belousov@zoral.com.ua>2005-10-23 12:57:13 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2005-10-23 16:38:38 -0700
commit8766ce41018a0cb80fbe0ce7dbf747f357c752da (patch)
tree68daf47f292ef79987f208db8f4d2dabfec7fb57
parenta991304496bdaec09f497d1eb5d9dcf2f94b7d5d (diff)
[PATCH] aio syscalls are not checked by lsm
Another case of missing call to security_file_permission: aio functions (namely, io_submit) does not check credentials with security modules. Below is the simple patch to the problem. It seems that it is enough to check for rights at the request submission time. Signed-off-by: Kostik Belousov <kostikbel@gmail.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat
-rw-r--r--fs/aio.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/aio.c b/fs/aio.c
index 9fe7216457d8..edfca5b75535 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1397,6 +1397,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf,
kiocb->ki_left)))
break;
+ ret = security_file_permission(file, MAY_READ);
+ if (unlikely(ret))
+ break;
ret = -EINVAL;
if (file->f_op->aio_read)
kiocb->ki_retry = aio_pread;
@@ -1409,6 +1412,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf,
kiocb->ki_left)))
break;
+ ret = security_file_permission(file, MAY_WRITE);
+ if (unlikely(ret))
+ break;
ret = -EINVAL;
if (file->f_op->aio_write)
kiocb->ki_retry = aio_pwrite;
generated by cgit v1.2.3 (git 2.0.4) at 2024-04-23 09:04:33 +0000