Commit b4a04f92 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'v6.6-fs.proc.uapi' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull procfs fixes from Christian Brauner:
 "Mode changes to files under /proc/<pid>/ aren't supported ever since
  commit 6d76fa58 ("Don't allow chmod() on the /proc/<pid>/ files").

  Due to an oversight in commit 1b3044e3 ("procfs: fix pthread
  cross-thread naming if !PR_DUMPABLE") in switching from REG to NOD,
  mode changes on /proc/thread-self/comm were accidentally allowed.

  Similarly, mode changes for all files beneath /proc/<pid>/net/ are
  blocked but mode changes on /proc/<pid>/net itself were accidentally
  allowed.

  Both issues come down to not using the generic proc_setattr() helper
  which blocks all mode changes. This is rectified with this pull
  request.

  This also removes a strange nolibc test that abused /proc/<pid>/net
  for testing mode changes. Using procfs for this test never made a lot
  of sense given procfs has special semantics for almost everything
  anyway.

  Both changes are minor user-visible changes. It is however very
  unlikely that mode changes on /proc/<pid>/net and
  /proc/thread-self/comm are something that userspace relies on"

* tag 'v6.6-fs.proc.uapi' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  procfs: block chmod on /proc/thread-self/comm
  proc: use generic setattr() for /proc/$PID/net
  selftests/nolibc: drop test chmod_net
parents 2e0afa7e ccf61486
...@@ -3583,6 +3583,7 @@ static int proc_tid_comm_permission(struct mnt_idmap *idmap, ...@@ -3583,6 +3583,7 @@ static int proc_tid_comm_permission(struct mnt_idmap *idmap,
} }
static const struct inode_operations proc_tid_comm_inode_operations = { static const struct inode_operations proc_tid_comm_inode_operations = {
.setattr = proc_setattr,
.permission = proc_tid_comm_permission, .permission = proc_tid_comm_permission,
}; };
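Review bot: Nothing at `proc_tid_comm_inode_operations` records why `.setattr = proc_setattr` has to be listed, although the commit message traces the regression to this entry being left out when the file switched from REG to NOD. A one-line comment above the table, e.g. `/* .setattr must stay proc_setattr: it is what rejects mode changes on this file */`, would make the access-control role of the line visible to whoever edits the table next. The same comment is worth adding above `proc_net_inode_operations` in the next section, which receives the same one-line fix.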
......
...@@ -321,6 +321,7 @@ static int proc_tgid_net_getattr(struct mnt_idmap *idmap, ...@@ -321,6 +321,7 @@ static int proc_tgid_net_getattr(struct mnt_idmap *idmap,
const struct inode_operations proc_net_inode_operations = { const struct inode_operations proc_net_inode_operations = {
.lookup = proc_tgid_net_lookup, .lookup = proc_tgid_net_lookup,
.getattr = proc_tgid_net_getattr, .getattr = proc_tgid_net_getattr,
.setattr = proc_setattr,
}; };
static int proc_tgid_net_readdir(struct file *file, struct dir_context *ctx) static int proc_tgid_net_readdir(struct file *file, struct dir_context *ctx)
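Review bot: Nothing visible on this page asserts that chmod on /proc/<pid>/net now fails once `.setattr = proc_setattr` is added to `proc_net_inode_operations`; the only test touching that path, `chmod_net`, expected success and is deleted rather than replaced. A regression check kept with the procfs selftests rather than nolibc would catch a future operations table that again omits `.setattr`. The expected result is presumably `-1` with `EPERM`, as the `chmod_self` case expects for /proc/self, but that should be confirmed against proc_setattr(). The same check would apply to /proc/thread-self/comm.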
......
...@@ -577,7 +577,6 @@ int run_syscall(int min, int max) ...@@ -577,7 +577,6 @@ int run_syscall(int min, int max)
CASE_TEST(chdir_root); EXPECT_SYSZR(1, chdir("/")); break; CASE_TEST(chdir_root); EXPECT_SYSZR(1, chdir("/")); break;
CASE_TEST(chdir_dot); EXPECT_SYSZR(1, chdir(".")); break; CASE_TEST(chdir_dot); EXPECT_SYSZR(1, chdir(".")); break;
CASE_TEST(chdir_blah); EXPECT_SYSER(1, chdir("/blah"), -1, ENOENT); break; CASE_TEST(chdir_blah); EXPECT_SYSER(1, chdir("/blah"), -1, ENOENT); break;
CASE_TEST(chmod_net); EXPECT_SYSZR(proc, chmod("/proc/self/net", 0555)); break;
CASE_TEST(chmod_self); EXPECT_SYSER(proc, chmod("/proc/self", 0555), -1, EPERM); break; CASE_TEST(chmod_self); EXPECT_SYSER(proc, chmod("/proc/self", 0555), -1, EPERM); break;
CASE_TEST(chown_self); EXPECT_SYSER(proc, chown("/proc/self", 0, 0), -1, EPERM); break; CASE_TEST(chown_self); EXPECT_SYSER(proc, chown("/proc/self", 0, 0), -1, EPERM); break;
CASE_TEST(chroot_root); EXPECT_SYSZR(euid0, chroot("/")); break; CASE_TEST(chroot_root); EXPECT_SYSZR(euid0, chroot("/")); break;
......