summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorKostik Belousov <konstantin.belousov@zoral.com.ua>2005-10-23 12:57:13 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2005-10-23 16:38:38 -0700
commit8766ce41018a0cb80fbe0ce7dbf747f357c752da (patch)
tree68daf47f292ef79987f208db8f4d2dabfec7fb57 /fs
parenta991304496bdaec09f497d1eb5d9dcf2f94b7d5d (diff)
[PATCH] aio syscalls are not checked by lsm
Another case of missing call to security_file_permission: aio functions (namely, io_submit) does not check credentials with security modules. Below is the simple patch to the problem. It seems that it is enough to check for rights at the request submission time. Signed-off-by: Kostik Belousov <kostikbel@gmail.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/aio.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/aio.c b/fs/aio.c
index 9fe7216457d..edfca5b7553 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1397,6 +1397,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf,
kiocb->ki_left)))
break;
+ ret = security_file_permission(file, MAY_READ);
+ if (unlikely(ret))
+ break;
ret = -EINVAL;
if (file->f_op->aio_read)
kiocb->ki_retry = aio_pread;
@@ -1409,6 +1412,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf,
kiocb->ki_left)))
break;
+ ret = security_file_permission(file, MAY_WRITE);
+ if (unlikely(ret))
+ break;
ret = -EINVAL;
if (file->f_op->aio_write)
kiocb->ki_retry = aio_pwrite;