RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 06:38:10 +00:00
Code Issues Activity Actions

Kernel: mknod() should not allow unprivileged users to create devices

Browse source 
In fact, unless you are superuser, you may only create a regular file,
a named pipe, or a local domain socket. Anything else should EPERM.
This commit is contained in:
Andreas Kling 2020-01-02 02:36:12 +01:00
parent 3dcec260ed
commit c7eb3ff1b3
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Kernel/Process.cpp
View file

@ -3478,6 +3478,11 @@ int Process::sys$mknod(const char* pathname, mode_t mode, dev_t dev)
if (!validate_read_str(pathname))
return -EFAULT;
if (!is_superuser()) {
if (!is_regular_file(mode) && !is_fifo(mode) && !is_socket(mode))
return -EPERM;
}
return VFS::the().mknod(StringView(pathname), mode, dev, current_directory());
}