Qortal/Brooklyn
3
0
Fork 1
mirror of https://github.com/Qortal/Brooklyn.git synced 2025-01-30 23:02:18 +00:00
Code Issues Projects Releases Wiki Activity
672dd04e8b
Brooklyn/grsecurity/grsec_fifo.c

27 lines
849 B
C
Raw Normal View History

Auto exploit mitigation feature * 0day explit mitigation * Memory corruption prevention * Privilege escalation prevention * Buffer over flow prevention * File System corruption defense * Thread escape prevention This may very well be the most intensive inclusion to BrooklynR. This will not be part of an x86 suite nor it will be released as tool kit. The security core toolkit will remain part of kernel base.
2021-11-13 04:26:51 +00:00
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/fs.h>
#include <linux/file.h>
#include <linux/grinternal.h>
int
gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
const struct dentry *dir, const int flag, const int acc_mode)
{
#ifdef CONFIG_GRKERNSEC_FIFO
const struct cred *cred = current_cred();
struct inode *inode = d_backing_inode(dentry);
struct inode *dir_inode = d_backing_inode(dir);
if (grsec_enable_fifo && S_ISFIFO(inode->i_mode) &&
!(flag & O_EXCL) && (dir_inode->i_mode & S_ISVTX) &&
!uid_eq(inode->i_uid, dir_inode->i_uid) &&
!uid_eq(cred->fsuid, inode->i_uid)) {
if (!inode_permission(inode, acc_mode))
gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, GR_GLOBAL_UID(inode->i_uid), GR_GLOBAL_GID(inode->i_gid));
return -EACCES;
}
#endif
return 0;
}
Reference in New Issue Copy Permalink