From d48f814bd83a3cbd95dedaf5e4dd91c05cffddc6 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Sat, 25 Feb 2012 12:28:43 +1100
Subject: [PATCH 2/5] fs-symlink-restrictions-on-sticky-directories-fix-2

s/sticky_//

Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
 Documentation/sysctl/fs.txt |    4 ++--
 fs/Kconfig                  |   16 ++++++++--------
 fs/namei.c                  |   10 +++++-----
 include/linux/fs.h          |    2 +-
 kernel/sysctl.c             |    6 +++---
 5 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt
index 4b47cd5..01daa80 100644
--- a/Documentation/sysctl/fs.txt
+++ b/Documentation/sysctl/fs.txt
@@ -32,7 +32,7 @@ Currently, these files are in /proc/sys/fs:
 - nr_open
 - overflowuid
 - overflowgid
-- protected_sticky_symlinks
+- protected_symlinks
 - suid_dumpable
 - super-max
 - super-nr
@@ -158,7 +158,7 @@ The default is 65534.
 
 ==============================================================
 
-protected_sticky_symlinks:
+protected_symlinks:
 
 A long-standing class of security issues is the symlink-based
 time-of-check-time-of-use race, most commonly seen in world-writable
diff --git a/fs/Kconfig b/fs/Kconfig
index d0fdbdd..f2c46f3 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -272,7 +272,7 @@ endif # NETWORK_FILESYSTEMS
 source "fs/nls/Kconfig"
 source "fs/dlm/Kconfig"
 
-config PROTECTED_STICKY_SYMLINKS
+config PROTECTED_SYMLINKS
 	bool "Evaluate vulnerable symlink conditions"
 	default y
 	help
@@ -285,10 +285,10 @@ config PROTECTED_STICKY_SYMLINKS
 
 	  Enabling this adds the logic to examine these dangerous symlink
 	  conditions. Whether or not the dangerous symlink situations are
-	  allowed is controlled by PROTECTED_STICKY_SYMLINKS_ENABLED.
+	  allowed is controlled by PROTECTED_SYMLINKS_ENABLED.
 
-config PROTECTED_STICKY_SYMLINKS_ENABLED
-	depends on PROTECTED_STICKY_SYMLINKS
+config PROTECTED_SYMLINKS_ENABLED
+	depends on PROTECTED_SYMLINKS
 	bool "Disallow symlink following in sticky world-writable dirs"
 	default y
 	help
@@ -298,12 +298,12 @@ config PROTECTED_STICKY_SYMLINKS_ENABLED
 	  directory and symlink owners match.
 
 	  When PROC_SYSCTL is enabled, this setting can also be controlled
-	  via /proc/sys/kernel/protected_sticky_symlinks.
+	  via /proc/sys/kernel/protected_symlinks.
 
-config PROTECTED_STICKY_SYMLINKS_ENABLED_SYSCTL
-	depends on PROTECTED_STICKY_SYMLINKS
+config PROTECTED_SYMLINKS_ENABLED_SYSCTL
+	depends on PROTECTED_SYMLINKS
 	int
-	default "1" if PROTECTED_STICKY_SYMLINKS_ENABLED
+	default "1" if PROTECTED_SYMLINKS_ENABLED
 	default "0"
 
 endmenu
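Review bot: The renamed help text in the third hunk of fs/Kconfig still points at the wrong sysctl path: `via /proc/sys/kernel/protected_symlinks.`, while the entry is registered in `fs_table[]` in kernel/sysctl.c and documented in Documentation/sysctl/fs.txt under "these files are in /proc/sys/fs", so the line should read `via /proc/sys/fs/protected_symlinks.`. An administrator following the help text would look for a knob that does not exist there and might conclude the protection is not configurable. Since this patch already touches that line, it is the natural place to correct the directory as well.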
diff --git a/fs/namei.c b/fs/namei.c
index 5b4c05b..39edcf7 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -623,16 +623,16 @@ static inline void put_link(struct nameidata *nd, struct path *link, void *cooki
 	path_put(link);
 }
 
-#ifdef CONFIG_PROTECTED_STICKY_SYMLINKS
-int sysctl_protected_sticky_symlinks __read_mostly =
-	CONFIG_PROTECTED_STICKY_SYMLINKS_ENABLED_SYSCTL;
+#ifdef CONFIG_PROTECTED_SYMLINKS
+int sysctl_protected_symlinks __read_mostly =
+	CONFIG_PROTECTED_SYMLINKS_ENABLED_SYSCTL;
 
 /**
  * may_follow_link - Check symlink following for unsafe situations
  * @dentry: The inode/dentry of the symlink
  * @nameidata: The path data of the symlink
  *
- * In the case of the protected_sticky_symlinks sysctl being enabled,
+ * In the case of the protected_symlinks sysctl being enabled,
  * CAP_DAC_OVERRIDE needs to be specifically ignored if the symlink is
  * in a sticky world-writable directory. This is to protect privileged
  * processes from failing races against path names that may change out
@@ -651,7 +651,7 @@ may_follow_link(struct dentry *dentry, struct nameidata *nameidata)
 	const struct inode *inode;
 	const struct cred *cred;
 
-	if (!sysctl_protected_sticky_symlinks)
+	if (!sysctl_protected_symlinks)
 		return 0;
 
 	/* Allowed if owner and follower match. */
diff --git a/include/linux/fs.h b/include/linux/fs.h
index aba8db0..404cc89 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -423,7 +423,7 @@ extern unsigned long get_max_files(void);
 extern int sysctl_nr_open;
 extern struct inodes_stat_t inodes_stat;
 extern int leases_enable, lease_break_time;
-extern int sysctl_protected_sticky_symlinks;
+extern int sysctl_protected_symlinks;
 
 struct buffer_head;
 typedef int (get_block_t)(struct inode *inode, sector_t iblock,
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index c469b88..0624e7c 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1497,10 +1497,10 @@ static struct ctl_table fs_table[] = {
 	},
 #endif
 #endif
-#ifdef CONFIG_PROTECTED_STICKY_SYMLINKS
+#ifdef CONFIG_PROTECTED_SYMLINKS
 	{
-		.procname	= "protected_sticky_symlinks",
-		.data		= &sysctl_protected_sticky_symlinks,
+		.procname	= "protected_symlinks",
+		.data		= &sysctl_protected_symlinks,
 		.maxlen		= sizeof(int),
 		.mode		= 0600,
 		.proc_handler	= proc_dointvec_minmax,
-- 
1.7.9.1