Yama: do not modify global sysctl table entry
authorKees Cook <keescook@chromium.org>
Wed, 27 Feb 2013 16:37:56 +0000 (08:37 -0800)
committerKees Cook <keescook@chromium.org>
Sat, 28 Feb 2015 00:53:09 +0000 (16:53 -0800)
When the sysctl table is constified, we won't be able to directly modify
it. Instead, use a table copy that carries any needed changes.

Suggested-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Kees Cook <keescook@chromium.org>
security/yama/yama_lsm.c

index 13c88fbcf0371cc32340791e335eeb0b4758f875..24aae2ae2b3004e7c31bb72bffa1645aff79d075 100644 (file)
@@ -379,20 +379,17 @@ static struct security_operations yama_ops = {
 static int yama_dointvec_minmax(struct ctl_table *table, int write,
                                void __user *buffer, size_t *lenp, loff_t *ppos)
 {
-       int rc;
+       struct ctl_table table_copy;
 
        if (write && !capable(CAP_SYS_PTRACE))
                return -EPERM;
 
-       rc = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
-       if (rc)
-               return rc;
-
        /* Lock the max value if it ever gets set. */
-       if (write && *(int *)table->data == *(int *)table->extra2)
-               table->extra1 = table->extra2;
+       table_copy = *table;
+       if (*(int *)table_copy.data == *(int *)table_copy.extra2)
+               table_copy.extra1 = table_copy.extra2;
 
-       return rc;
+       return proc_dointvec_minmax(&table_copy, write, buffer, lenp, ppos);
 }
 
 static int zero;
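Review bot: The retained comment `/* Lock the max value if it ever gets set. */` no longer matches the mechanism in yama_dointvec_minmax(). Nothing is stored in the table any more; the clamp is re-derived on every call from the current `*data` and applied to a stack copy. I would reword it to `/* If the value is already at max, raise min to max in the local copy so this call cannot lower it. */`. It is also worth stating that `table_copy = *table` is a shallow copy, so `data` still points at the live variable and the lock holds only while that variable is changed through this handler alone. The comparison and the later write inside proc_dointvec_minmax() do not appear to be serialized, so two concurrent CAP_SYS_PTRACE writers could presumably interleave between them (the old code seems to have had a similar window); please confirm that is acceptable or note it in the comment.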