* [PATCH] check permission in ->open for /proc/sys/
@ 2003-09-23 14:51 Christoph Hellwig
  0 siblings, 0 replies; only message in thread
From: Christoph Hellwig @ 2003-09-23 14:51 UTC (permalink / raw)
  To: akpm; +Cc: viro, linux-kernel

It's the only abuse of proc_iops left (except the totally b0rked comx
driver).  The patch is from Al, I just forward-ported it from 2.4.


--- 1.53/kernel/sysctl.c	Tue Sep  9 02:08:58 2003
+++ edited/kernel/sysctl.c	Tue Sep 23 15:29:35 2003
@@ -136,17 +136,14 @@
 
 static ssize_t proc_readsys(struct file *, char __user *, size_t, loff_t *);
 static ssize_t proc_writesys(struct file *, const char __user *, size_t, loff_t *);
-static int proc_sys_permission(struct inode *, int, struct nameidata *);
+static int proc_opensys(struct inode *, struct file *);
 
 struct file_operations proc_sys_file_operations = {
+	.open		= proc_opensys,
 	.read		= proc_readsys,
 	.write		= proc_writesys,
 };
 
-static struct inode_operations proc_sys_inode_operations = {
-	.permission	= proc_sys_permission,
-};
-
 extern struct proc_dir_entry *proc_sys_root;
 
 static void register_proc_table(ctl_table *, struct proc_dir_entry *);
@@ -1140,10 +1137,8 @@
 			if (!de)
 				continue;
 			de->data = (void *) table;
-			if (table->proc_handler) {
+			if (table->proc_handler)
 				de->proc_fops = &proc_sys_file_operations;
-				de->proc_iops = &proc_sys_inode_operations;
-			}
 		}
 		table->de = de;
 		if (de->mode & S_IFDIR)
@@ -1212,6 +1207,20 @@
 	return res;
 }
 
+static int proc_opensys(struct inode *inode, struct file *file)
+{
+	if (file->f_mode & FMODE_WRITE) {
+		/*
+		 * sysctl entries that are not writable,
+		 * are _NOT_ writable, capabilities or not.
+		 */
+		if (!(inode->i_mode & S_IWUSR))
+			return -EPERM;
+	}
+
+	return 0;
+}
+
 static ssize_t proc_readsys(struct file * file, char __user * buf,
 			    size_t count, loff_t *ppos)
 {
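Review bot: The comment inside proc_opensys states only half of the intent: it says a read-only sysctl stays read-only "capabilities or not", but not that this function is now the sole sysctl-specific check on open, because the ->permission hook that called test_perm is removed by this same patch. Ordinary DAC for the open (non-owner writes, reads on entries without read bits) is therefore left to the VFS permission check on the proc inode, which runs earlier in the open path, and that reliance belongs next to the S_IWUSR test so a later reader does not mistake this for the complete check. Suggest replacing the four comment lines with `/* A sysctl without S_IWUSR is never writable, even for CAP_DAC_OVERRIDE holders; ordinary DAC for this open has already been done by the VFS before ->open is called. */`. The test also looks only at S_IWUSR, so an entry whose mode grants write to group or other but not owner would be refused here too; if that is deliberate, the comment should say so.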
@@ -1222,11 +1231,6 @@
 			     size_t count, loff_t *ppos)
 {
 	return do_rw_proc(1, file, (char __user *) buf, count, ppos);
-}
-
-static int proc_sys_permission(struct inode *inode, int op, struct nameidata *nd)
-{
-	return test_perm(inode->i_mode, op);
 }
 
 /**
