UBUNTU: SAUCE: Yama: verify inode is symlink to avoid bind mounts

[linux-flexiantxendom0-natty.git] / security / yama / yama_lsm.c

diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 4a5bc1a..1fb1f90 100644 (file)
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -285,9 +285,13 @@ int yama_inode_follow_link(struct dentry *dentry,
        if (!protected_sticky_symlinks)
                return 0;
 
+       /* if inode isn't a symlink, don't try to evaluate blocking it */
+       inode = dentry->d_inode;
+       if (!S_ISLNK(inode->i_mode))
+               return 0;
+
        /* owner and follower match? */
        cred = current_cred();
-       inode = dentry->d_inode;
        if (cred->fsuid == inode->i_uid)
                return 0;