[PATCH] LSM: add missing hook to do_compat_readv_writev()

This patch addresses a flaw in LSM, where there is no mediation of readv() and writev() in for 32-bit compatible apps using a 64-bit kernel. This bug was discovered and fixed initially in the native readv/writev code [1], but was not fixed in the compat code. Thanks to Al for spotting this one. [1] http://lwn.net/Articles/154282/ Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
author: James Morris <jmorris@namei.org> 2006-04-26 15:11:00 +0000
committer: Greg Kroah-Hartman <gregkh@suse.de> 2006-05-01 12:03:44 -0700
commit: 9120b4470e2e57f196a0e470898ae628725fb4c2 (patch)
tree: ad144b3fee2d7a0be16181226f1de751e010f6ba /fs
parent: 41fd2d35389e0fc809d696f352d7c44850d5a67b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/compat.c b/fs/compat.c
index 5333c7d7427f..04f6fb53340c 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1215,6 +1215,10 @@ static ssize_t compat_do_readv_writev(int type, struct file *file,
 	if (ret < 0)
 		goto out;
 
+	ret = security_file_permission(file, type == READ ? MAY_READ:MAY_WRITE);
+	if (ret)
+		goto out;
+
 	fnv = NULL;
 	if (type == READ) {
 		fn = file->f_op->read;
author	James Morris <jmorris@namei.org>	2006-04-26 15:11:00 +0000
committer	Greg Kroah-Hartman <gregkh@suse.de>	2006-05-01 12:03:44 -0700
commit	9120b4470e2e57f196a0e470898ae628725fb4c2 (patch)
tree	ad144b3fee2d7a0be16181226f1de751e010f6ba /fs
parent	41fd2d35389e0fc809d696f352d7c44850d5a67b (diff)