From d48f814bd83a3cbd95dedaf5e4dd91c05cffddc6 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Sat, 25 Feb 2012 12:28:43 +1100
Subject: [PATCH 2/5] fs-symlink-restrictions-on-sticky-directories-fix-2
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Documentation/sysctl/fs.txt | 4 ++--
fs/Kconfig | 16 ++++++++--------
fs/namei.c | 10 +++++-----
include/linux/fs.h | 2 +-
kernel/sysctl.c | 6 +++---
5 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt
19
index 4b47cd5..01daa80 100644
20
--- a/Documentation/sysctl/fs.txt
21
+++ b/Documentation/sysctl/fs.txt
22
@@ -32,7 +32,7 @@ Currently, these files are in /proc/sys/fs:
26
-- protected_sticky_symlinks
31
@@ -158,7 +158,7 @@ The default is 65534.
33
==============================================================
35
-protected_sticky_symlinks:
38
A long-standing class of security issues is the symlink-based
39
time-of-check-time-of-use race, most commonly seen in world-writable
40
diff --git a/fs/Kconfig b/fs/Kconfig
41
index d0fdbdd..f2c46f3 100644
44
@@ -272,7 +272,7 @@ endif # NETWORK_FILESYSTEMS
45
source "fs/nls/Kconfig"
46
source "fs/dlm/Kconfig"
48
-config PROTECTED_STICKY_SYMLINKS
49
+config PROTECTED_SYMLINKS
50
bool "Evaluate vulnerable symlink conditions"
53
@@ -285,10 +285,10 @@ config PROTECTED_STICKY_SYMLINKS
55
Enabling this adds the logic to examine these dangerous symlink
56
conditions. Whether or not the dangerous symlink situations are
57
- allowed is controlled by PROTECTED_STICKY_SYMLINKS_ENABLED.
58
+ allowed is controlled by PROTECTED_SYMLINKS_ENABLED.
60
-config PROTECTED_STICKY_SYMLINKS_ENABLED
61
- depends on PROTECTED_STICKY_SYMLINKS
62
+config PROTECTED_SYMLINKS_ENABLED
63
+ depends on PROTECTED_SYMLINKS
64
bool "Disallow symlink following in sticky world-writable dirs"
67
@@ -298,12 +298,12 @@ config PROTECTED_STICKY_SYMLINKS_ENABLED
68
directory and symlink owners match.
70
When PROC_SYSCTL is enabled, this setting can also be controlled
71
- via /proc/sys/kernel/protected_sticky_symlinks.
72
+ via /proc/sys/kernel/protected_symlinks.
74
-config PROTECTED_STICKY_SYMLINKS_ENABLED_SYSCTL
75
- depends on PROTECTED_STICKY_SYMLINKS
76
+config PROTECTED_SYMLINKS_ENABLED_SYSCTL
77
+ depends on PROTECTED_SYMLINKS
79
- default "1" if PROTECTED_STICKY_SYMLINKS_ENABLED
80
+ default "1" if PROTECTED_SYMLINKS_ENABLED
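Review bot: The renamed help line in the @@ -298 hunk still points users at `/proc/sys/kernel/protected_symlinks`, but the sysctl entry this series adds lives in `fs_table[]` in kernel/sysctl.c and Documentation/sysctl/fs.txt lists it under /proc/sys/fs, so the documented path would not exist. Since the commit already rewrites that line for the rename, it should read `via /proc/sys/fs/protected_symlinks.` so the Kconfig help, the sysctl table and the fs.txt documentation agree. The PROTECTED_SYMLINKS_ENABLED help block begins before the lines shown in this hunk, so the rest of its text is not checked here.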
84
diff --git a/fs/namei.c b/fs/namei.c
85
index 5b4c05b..39edcf7 100644
88
@@ -623,16 +623,16 @@ static inline void put_link(struct nameidata *nd, struct path *link, void *cooki
92
-#ifdef CONFIG_PROTECTED_STICKY_SYMLINKS
93
-int sysctl_protected_sticky_symlinks __read_mostly =
94
- CONFIG_PROTECTED_STICKY_SYMLINKS_ENABLED_SYSCTL;
95
+#ifdef CONFIG_PROTECTED_SYMLINKS
96
+int sysctl_protected_symlinks __read_mostly =
97
+ CONFIG_PROTECTED_SYMLINKS_ENABLED_SYSCTL;
100
* may_follow_link - Check symlink following for unsafe situations
101
* @dentry: The inode/dentry of the symlink
102
* @nameidata: The path data of the symlink
104
- * In the case of the protected_sticky_symlinks sysctl being enabled,
105
+ * In the case of the protected_symlinks sysctl being enabled,
106
* CAP_DAC_OVERRIDE needs to be specifically ignored if the symlink is
107
* in a sticky world-writable directory. This is to protect privileged
108
* processes from failing races against path names that may change out
109
@@ -651,7 +651,7 @@ may_follow_link(struct dentry *dentry, struct nameidata *nameidata)
110
const struct inode *inode;
111
const struct cred *cred;
113
- if (!sysctl_protected_sticky_symlinks)
114
+ if (!sysctl_protected_symlinks)
117
/* Allowed if owner and follower match. */
118
diff --git a/include/linux/fs.h b/include/linux/fs.h
119
index aba8db0..404cc89 100644
120
--- a/include/linux/fs.h
121
+++ b/include/linux/fs.h
122
@@ -423,7 +423,7 @@ extern unsigned long get_max_files(void);
123
extern int sysctl_nr_open;
124
extern struct inodes_stat_t inodes_stat;
125
extern int leases_enable, lease_break_time;
126
-extern int sysctl_protected_sticky_symlinks;
127
+extern int sysctl_protected_symlinks;
130
typedef int (get_block_t)(struct inode *inode, sector_t iblock,
131
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
132
index c469b88..0624e7c 100644
133
--- a/kernel/sysctl.c
134
+++ b/kernel/sysctl.c
135
@@ -1497,10 +1497,10 @@ static struct ctl_table fs_table[] = {
139
-#ifdef CONFIG_PROTECTED_STICKY_SYMLINKS
140
+#ifdef CONFIG_PROTECTED_SYMLINKS
142
- .procname = "protected_sticky_symlinks",
143
- .data = &sysctl_protected_sticky_symlinks,
144
+ .procname = "protected_symlinks",
145
+ .data = &sysctl_protected_symlinks,
146
.maxlen = sizeof(int),
148
.proc_handler = proc_dointvec_minmax,