summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2013-02-27 08:37:56 -0800
committerKees Cook <keescook@chromium.org>2015-02-27 16:53:09 -0800
commit41a4695ca46d8798f89b477855973eb2ad3f4f69 (patch)
tree5cd16b1a1cdd12c89da6e72995f05b2ce68e1fcb /security
parent04f81f0154e4bf002be6f4d85668ce1257efa4d9 (diff)
Yama: do not modify global sysctl table entry
When the sysctl table is constified, we won't be able to directly modify it. Instead, use a table copy that carries any needed changes. Suggested-by: PaX Team <pageexec@freemail.hu> Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security')
-rw-r--r--security/yama/yama_lsm.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 13c88fbcf037..24aae2ae2b30 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -379,20 +379,17 @@ static struct security_operations yama_ops = {
static int yama_dointvec_minmax(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
- int rc;
+ struct ctl_table table_copy;
if (write && !capable(CAP_SYS_PTRACE))
return -EPERM;
- rc = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
- if (rc)
- return rc;
-
/* Lock the max value if it ever gets set. */
- if (write && *(int *)table->data == *(int *)table->extra2)
- table->extra1 = table->extra2;
+ table_copy = *table;
+ if (*(int *)table_copy.data == *(int *)table_copy.extra2)
+ table_copy.extra1 = table_copy.extra2;
- return rc;
+ return proc_dointvec_minmax(&table_copy, write, buffer, lenp, ppos);
}
static int zero;