From: Kay Sievers <kay.sievers@vrfy.org>
Date: Mon, 18 Jul 2011 19:19:00 +0000 (+0200)
Subject: do not allow kernel properties to be set by udev rules
X-Git-Tag: 174~55
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=ace6bfa72525089790b773ab0178e6d1a129357f

do not allow kernel properties to be set by udev rules
---

diff --git a/udev/udev-rules.c b/udev/udev-rules.c
index 7db076730..89d98248a 100644
--- a/udev/udev-rules.c
+++ b/udev/udev-rules.c
@@ -1385,6 +1385,26 @@ static int add_rule(struct udev_rules *rules, char *line,
 				if (rule_add_key(&rule_tmp, TK_M_ENV, op, value, attr) != 0)
 					goto invalid;
 			} else {
+				static const char *blacklist[] = {
+					"ACTION",
+					"SUBSYSTEM",
+					"DEVTYPE",
+					"MAJOR",
+					"MINOR",
+					"DRIVER",
+					"IFINDEX",
+					"DEVNAME",
+					"DEVLINKS",
+					"DEVPATH",
+					"TAGS",
+				};
+				unsigned int i;
+
+				for (i = 0; i < ARRAY_SIZE(blacklist); i++)
+					if (strcmp(attr, blacklist[i]) == 0) {
+						err(rules->udev, "invalid ENV attribute, '%s' can not be set %s:%u\n", attr, filename, lineno);
+						continue;
+					}
 				if (rule_add_key(&rule_tmp, TK_A_ENV, op, value, attr) != 0)
 					goto invalid;
 			}