summaryrefslogtreecommitdiffstats
path: root/fs/aio.c
diff options
context:
space:
mode:
authorKostik Belousov <konstantin.belousov@zoral.com.ua>2005-10-23 21:57:13 +0200
committerLinus Torvalds <torvalds@g5.osdl.org>2005-10-24 01:38:38 +0200
commit8766ce41018a0cb80fbe0ce7dbf747f357c752da (patch)
tree68daf47f292ef79987f208db8f4d2dabfec7fb57 /fs/aio.c
parent[PATCH] kernel-parameters cleanup (diff)
downloadlinux-8766ce41018a0cb80fbe0ce7dbf747f357c752da.tar.xz
linux-8766ce41018a0cb80fbe0ce7dbf747f357c752da.zip
[PATCH] aio syscalls are not checked by lsm
Another case of missing call to security_file_permission: aio functions (namely, io_submit) does not check credentials with security modules. Below is the simple patch to the problem. It seems that it is enough to check for rights at the request submission time. Signed-off-by: Kostik Belousov <kostikbel@gmail.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/aio.c')
-rw-r--r--fs/aio.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/aio.c b/fs/aio.c
index 9fe7216457d8..edfca5b75535 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1397,6 +1397,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf,
kiocb->ki_left)))
break;
+ ret = security_file_permission(file, MAY_READ);
+ if (unlikely(ret))
+ break;
ret = -EINVAL;
if (file->f_op->aio_read)
kiocb->ki_retry = aio_pread;
@@ -1409,6 +1412,9 @@ static ssize_t aio_setup_iocb(struct kiocb *kiocb)
if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf,
kiocb->ki_left)))
break;
+ ret = security_file_permission(file, MAY_WRITE);
+ if (unlikely(ret))
+ break;
ret = -EINVAL;
if (file->f_op->aio_write)
kiocb->ki_retry = aio_pwrite;