提交 29ce2058 编写于 作者: J James Morris 提交者: Jens Axboe

security: revalidate rw permissions for sys_splice and sys_vmsplice

Revalidate read/write permissions for splice(2) and vmslice(2), in case
security policy has changed since the files were opened.
Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: NJames Morris <jmorris@namei.org>
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
上级 d3f35d98
......@@ -28,6 +28,7 @@
#include <linux/module.h>
#include <linux/syscalls.h>
#include <linux/uio.h>
#include <linux/security.h>
/*
* Attempt to steal a page from a pipe buffer. This should perhaps go into
......@@ -961,6 +962,10 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
if (unlikely(ret < 0))
return ret;
ret = security_file_permission(out, MAY_WRITE);
if (unlikely(ret < 0))
return ret;
return out->f_op->splice_write(pipe, out, ppos, len, flags);
}
......@@ -983,6 +988,10 @@ static long do_splice_to(struct file *in, loff_t *ppos,
if (unlikely(ret < 0))
return ret;
ret = security_file_permission(in, MAY_READ);
if (unlikely(ret < 0))
return ret;
return in->f_op->splice_read(in, ppos, pipe, len, flags);
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册