[PATCH] check attr updates in /proc

Any proc entry with default proc_file_inode_operations allow unauthorized
attribute updates.  This is very dangerous for proc entries that rely
solely on file permissions for open/read/write.

Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 14 insertions, 7 deletions

diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index b16a42d5f682..72febc00fa3b 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -231,14 +231,21 @@ out:
 static int proc_notify_change(struct dentry *dentry, struct iattr *iattr)
 {
 	struct inode *inode = dentry->d_inode;
-	int error = inode_setattr(inode, iattr);
-	if (!error) {
-		struct proc_dir_entry *de = PDE(inode);
-		de->uid = inode->i_uid;
-		de->gid = inode->i_gid;
-		de->mode = inode->i_mode;
-	}
+	struct proc_dir_entry *de = PDE(inode);
+	int error;
+
+	error = inode_change_ok(inode, iattr);
+	if (error)
+		goto out;
 
+	error = inode_setattr(inode, iattr);
+	if (error)
+		goto out;
+	
+	de->uid = inode->i_uid;
+	de->gid = inode->i_gid;
+	de->mode = inode->i_mode;
+out:
 	return error;
 }