[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100115081226.GA14409@heat>
Date: Fri, 15 Jan 2010 03:12:26 -0500
From: Michael Stone <michael@...top.org>
To: linux-kernel@...r.kernel.org
Cc: netdev@...r.kernel.org, linux-security-module@...r.kernel.org,
Andi Kleen <andi@...stfloor.org>, David Lang <david@...g.hm>,
Oliver Hartkopp <socketcan@...tkopp.net>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Herbert Xu <herbert@...dor.apana.org.au>,
Valdis Kletnieks <Valdis.Kletnieks@...edu>,
Bryan Donlan <bdonlan@...il.com>,
Evgeniy Polyakov <zbr@...emap.net>,
"C. Scott Ananian" <cscott@...ott.net>,
James Morris <jmorris@...ei.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Bernie Innocenti <bernie@...ewiz.org>,
Mark Seaborn <mrs@...hic-beasts.com>,
Randy Dunlap <randy.dunlap@...cle.com>,
Américo Wang <xiyou.wangcong@...il.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
Samir Bellabes <sam@...ack.fr>,
Casey Schaufler <casey@...aufler-ca.com>,
"Serge E. Hallyn" <serue@...ibm.com>, Pavel Machek <pavel@....cz>,
Al Viro <viro@...IV.linux.org.uk>,
Kyle Moffett <kyle@...fetthome.net>,
Andrew Morgan <morgan@...nel.org>,
Michael Stone <michael@...top.org>
Subject: disablenetwork (v5): Remove a TOCTTOU race by passing flags by
value.
When network_flags is passed by pointer to memory shared among several tasks,
one of those tasks could change the pointed-to value after it was checked by
security_prctl() and before it was used by prctl_set_network().
Also, since no cleanup is needed in prctl_set_network(), simplify its
return-value conventions.
Signed-off-by: Michael Stone <michael@...top.org>
---
include/linux/prctl_network.h | 2 +-
kernel/sys.c | 24 ++++++------------------
2 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/include/linux/prctl_network.h b/include/linux/prctl_network.h
index d18f8cb..2c03292 100644
--- a/include/linux/prctl_network.h
+++ b/include/linux/prctl_network.h
@@ -2,6 +2,6 @@
#define _LINUX_PRCTL_NETWORK_H
extern long prctl_get_network(unsigned long*);
-extern long prctl_set_network(unsigned long*);
+extern long prctl_set_network(unsigned long);
#endif /* _LINUX_PRCTL_NETWORK_H */
diff --git a/kernel/sys.c b/kernel/sys.c
index b48f021..1fadf10 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1580,7 +1580,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
error = PR_MCE_KILL_DEFAULT;
break;
case PR_SET_NETWORK:
- error = prctl_set_network((unsigned long*)arg2);
+ error = prctl_set_network(arg2);
break;
case PR_GET_NETWORK:
error = prctl_get_network((unsigned long*)arg2);
@@ -1599,29 +1599,17 @@ long prctl_get_network(unsigned long* user)
return put_user(current->network, user);
}
-long prctl_set_network(unsigned long* user)
+long prctl_set_network(unsigned long network_flags)
{
- unsigned long network_flags;
- long ret;
-
- ret = -EFAULT;
- if (copy_from_user(&network_flags, user, sizeof(network_flags)))
- goto out;
-
- ret = -EINVAL;
if (network_flags & ~PR_NETWORK_ALL_FLAGS)
- goto out;
+ return -EINVAL;
/* only dropping access is permitted */
- ret = -EPERM;
- if (current->network & ~network_flags)
- goto out;
+ if (current->network & ~network_flags)
+ return -EPERM;
current->network = network_flags;
- ret = 0;
-
-out:
- return ret;
+ return 0;
}
#else
--
1.6.6.rc2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists