]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
projects / thirdparty / kernel / stable-queue.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ed1a009)
LSM patch for missing compat readv/writev hook, from jamesm
authorChris Wright <chrisw@sous-sol.org>
Wed, 26 Apr 2006 18:35:12 +0000 (11:35 -0700)
committerChris Wright <chrisw@sous-sol.org>
Wed, 26 Apr 2006 18:35:12 +0000 (11:35 -0700)
queue-2.6.16/lsm-add-missing-hook-to-do_compat_readv_writev.patch [new file with mode: 0644] patch | blob
queue-2.6.16/series patch | blob | blame | history

diff --git a/queue-2.6.16/lsm-add-missing-hook-to-do_compat_readv_writev.patch b/queue-2.6.16/lsm-add-missing-hook-to-do_compat_readv_writev.patch
new file mode 100644 (file)
index 0000000..95c1c06
--- /dev/null
+++ b/queue-2.6.16/lsm-add-missing-hook-to-do_compat_readv_writev.patch
@@ -0,0 +1,39 @@
+From jmorris@namei.org  Wed Apr 26 10:51:36 2006
+Date: Wed, 26 Apr 2006 02:45:03 -0400 (EDT)
+From: James Morris <jmorris@namei.org>
+To: Linus Torvalds <torvalds@osdl.org>
+cc: Al Viro <viro@ftp.linux.org.uk>, Chris Wright <chrisw@sous-sol.org>,
+        Stephen Smalley <sds@tycho.nsa.gov>, linux-kernel@vger.kernel.org
+Subject: [PATCH] LSM: add missing hook to do_compat_readv_writev()
+
+This patch addresses a flaw in LSM, where there is no mediation of readv() 
+and writev() in for 32-bit compatible apps using a 64-bit kernel.
+
+This bug was discovered and fixed initially in the native readv/writev 
+code [1], but was not fixed in the compat code.  Thanks to Al for spotting 
+this one.
+
+Signed-off-by: James Morris <jmorris@namei.org> 
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+
+[1] http://lwn.net/Articles/154282/
+
+---
+
+ fs/compat.c |    4 ++++
+ 1 files changed, 4 insertions(+)
+
+--- linux-2.6.16.11.orig/fs/compat.c
++++ linux-2.6.16.11/fs/compat.c
+@@ -1215,6 +1215,10 @@ static ssize_t compat_do_readv_writev(in
+       if (ret < 0)
+               goto out;
++      ret = security_file_permission(file, type == READ ? MAY_READ:MAY_WRITE);
++      if (ret)
++              goto out;
++
+       fnv = NULL;
+       if (type == READ) {
+               fn = file->f_op->read;
diff --git a/queue-2.6.16/series b/queue-2.6.16/series
index bf26420d3d3539088d685f2ed71cf376aa322820..8e39fdf370e13216320ae2ae605fd7e753136679 100644 (file)
--- a/queue-2.6.16/series
+++ b/queue-2.6.16/series
@@ -15,3 +15,4 @@ simplify-proc-devices-and-fix-early-termination-regression.patch
 fix-reiserfs-deadlock.patch
 altix-snsc-duplicate-kobject-fix.patch
 alpha-strncpy-fix.patch
+lsm-add-missing-hook-to-do_compat_readv_writev.patch
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git