* [PATCH] security: revalidate rw permissions for sys_splice and sys_vmsplice
@ 2007-07-12 16:09 James Morris
2007-07-13 9:44 ` Jens Axboe
0 siblings, 1 reply; 2+ messages in thread
From: James Morris @ 2007-07-12 16:09 UTC (permalink / raw)
To: Jens Axboe; +Cc: Stephen Smalley, linux-kernel
Revalidate read/write permissions for splice(2) and vmslice(2), in case
security policy has changed since the files were opened.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
---
Updated version against latest Linus git. Jens, I dropped your initial
signed-off-by due to the rework.
Please review and apply if ok.
fs/splice.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/fs/splice.c b/fs/splice.c
index ed2ce99..ef80822 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -28,6 +28,7 @@
#include <linux/module.h>
#include <linux/syscalls.h>
#include <linux/uio.h>
+#include <linux/security.h>
/*
* Attempt to steal a page from a pipe buffer. This should perhaps go into
@@ -961,6 +962,10 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
if (unlikely(ret < 0))
return ret;
+ ret = security_file_permission(out, MAY_WRITE);
+ if (unlikely(ret < 0))
+ return ret;
+
return out->f_op->splice_write(pipe, out, ppos, len, flags);
}
@@ -983,6 +988,10 @@ static long do_splice_to(struct file *in, loff_t *ppos,
if (unlikely(ret < 0))
return ret;
+ ret = security_file_permission(in, MAY_READ);
+ if (unlikely(ret < 0))
+ return ret;
+
return in->f_op->splice_read(in, ppos, pipe, len, flags);
}
--
1.5.2.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] security: revalidate rw permissions for sys_splice and sys_vmsplice
2007-07-12 16:09 [PATCH] security: revalidate rw permissions for sys_splice and sys_vmsplice James Morris
@ 2007-07-13 9:44 ` Jens Axboe
0 siblings, 0 replies; 2+ messages in thread
From: Jens Axboe @ 2007-07-13 9:44 UTC (permalink / raw)
To: James Morris; +Cc: Stephen Smalley, linux-kernel
On Thu, Jul 12 2007, James Morris wrote:
> Revalidate read/write permissions for splice(2) and vmslice(2), in case
> security policy has changed since the files were opened.
>
> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> Signed-off-by: James Morris <jmorris@namei.org>
> ---
>
> Updated version against latest Linus git. Jens, I dropped your initial
> signed-off-by due to the rework.
>
> Please review and apply if ok.
No worries, re-signed and applied!
--
Jens Axboe
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-07-13 9:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-07-12 16:09 [PATCH] security: revalidate rw permissions for sys_splice and sys_vmsplice James Morris
2007-07-13 9:44 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox