Yama: do not modify global sysctl table entry
When the sysctl table is constified, we won't be able to directly modify it. Instead, use a table copy that carries any needed changes. Suggested-by: PaX Team <pageexec@freemail.hu> Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
04f81f0154
commit
41a4695ca4
|
@ -379,20 +379,17 @@ static struct security_operations yama_ops = {
|
|||
static int yama_dointvec_minmax(struct ctl_table *table, int write,
|
||||
void __user *buffer, size_t *lenp, loff_t *ppos)
|
||||
{
|
||||
int rc;
|
||||
struct ctl_table table_copy;
|
||||
|
||||
if (write && !capable(CAP_SYS_PTRACE))
|
||||
return -EPERM;
|
||||
|
||||
rc = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
/* Lock the max value if it ever gets set. */
|
||||
if (write && *(int *)table->data == *(int *)table->extra2)
|
||||
table->extra1 = table->extra2;
|
||||
table_copy = *table;
|
||||
if (*(int *)table_copy.data == *(int *)table_copy.extra2)
|
||||
table_copy.extra1 = table_copy.extra2;
|
||||
|
||||
return rc;
|
||||
return proc_dointvec_minmax(&table_copy, write, buffer, lenp, ppos);
|
||||
}
|
||||
|
||||
static int zero;
|
||||
|
|
Loading…
Reference in New Issue
Block a user