On Wed, Oct 09, 2002 at 10:40:01PM -0700, Andrew Morton wrote:
> url: http://www.zip.com.au/~akpm/linux/patches/2.5/2.5.41/2.5.41-mm2/
hugetlbfs update:
CAP_IPC_LOCK is required to utilize hugetlb shm segments, memory
allocation, and other facilities. The following patch does three things:
(1) check capable(CAP_IPC_LOCK) in ->f_ops->mmap
This may be redundant but it errors out with less state to
clean up and at least clarifies the fact that checks are
being performed at the relevant entry points.
(2) check capable(CAP_IPC_LOCK) in hugetlbfs_zero_setup()
This is called at shmget() time and is an actual potential
security hole. hugetlb_prefault() does not perform this
check itself, so it must be done here.
--- akpm-2.5.41/fs/hugetlbfs/inode.c 2002-10-08 18:43:39.000000000 -0700
+++ wli-2.5.41/fs/hugetlbfs/inode.c 2002-10-10 00:30:15.000000000 -0700
@@ -56,6 +56,9 @@
struct address_space *mapping = inode->i_mapping;
int ret;
+ if (!capable(CAP_IPC_LOCK))
+ return -EPERM;
+
if (vma->vm_start & ~HPAGE_MASK)
return -EINVAL;
@@ -259,6 +262,9 @@
struct qstr quick_string;
char buf[16];
+ if (!capable(CAP_IPC_LOCK))
+ return ERR_PTR(-EPERM);
+
n = atomic_read(&hugetlbfs_counter);
atomic_inc(&hugetlbfs_counter);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Oct 15 2002 - 22:00:36 EST