author | Andreas Kling <awesomekling@gmail.com> | 2020-01-02 02:36:12 +0100 |
---|---|---|
committer | Andreas Kling <awesomekling@gmail.com> | 2020-01-02 02:36:12 +0100 |
commit | c7eb3ff1b38be5c192bb4a3f6584303476828c1d (patch) | |
tree | 34a26279aeafb7191d4d3260a111a87840658f3f /Kernel | |
parent | 3dcec260ed0455a1de9ff5ebbdd6480caf1bd6b4 (diff) | |
download | serenity-c7eb3ff1b38be5c192bb4a3f6584303476828c1d.zip |
Kernel: mknod() should not allow unprivileged users to create devices
In fact, unless you are superuser, you may only create a regular file,
a named pipe, or a local domain socket. Anything else should EPERM.
Diffstat (limited to 'Kernel')
-rw-r--r-- | Kernel/Process.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index f5532c696a..39c3f68df2 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -3478,6 +3478,11 @@ int Process::sys$mknod(const char* pathname, mode_t mode, dev_t dev)
 if (!validate_read_str(pathname))
 return -EFAULT;
+ if (!is_superuser()) {
+ if (!is_regular_file(mode) && !is_fifo(mode) && !is_socket(mode))
+ return -EPERM;
+ }
+
 return VFS::the().mknod(StringView(pathname), mode, dev, current_directory());
 } |
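Review bot: The device-node restriction added before the `VFS::the().mknod(...)` call is enforced only in this syscall wrapper, so it holds only if no other path hands a caller-supplied `mode` to a node-creating VFS call; those paths are not visible in this hunk, so it is worth confirming or moving the check into the VFS layer. Separately, a `mode` with no file-type bits presumably fails all three predicates and now returns -EPERM for non-superusers, whereas mknod conventionally treats a zero type as a regular file. Whichever behaviour is intended, the policy deserves a comment above the check, e.g. `// Non-superusers may only create regular files, FIFOs and local sockets; anything else (device nodes) is EPERM.` The start of sys$mknod's body lies outside the hunk.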