From ace6bfa72525089790b773ab0178e6d1a129357f Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay.sievers@vrfy.org>
Date: Mon, 18 Jul 2011 21:19:00 +0200
Subject: [PATCH] do not allow kernel properties to be set by udev rules

---
 udev/udev-rules.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/udev/udev-rules.c b/udev/udev-rules.c
index 7db076730..89d98248a 100644
--- a/udev/udev-rules.c
+++ b/udev/udev-rules.c
@@ -1385,6 +1385,26 @@ static int add_rule(struct udev_rules *rules, char *line,
 				if (rule_add_key(&rule_tmp, TK_M_ENV, op, value, attr) != 0)
 					goto invalid;
 			} else {
+				static const char *blacklist[] = {
+					"ACTION",
+					"SUBSYSTEM",
+					"DEVTYPE",
+					"MAJOR",
+					"MINOR",
+					"DRIVER",
+					"IFINDEX",
+					"DEVNAME",
+					"DEVLINKS",
+					"DEVPATH",
+					"TAGS",
+				};
+				unsigned int i;
+
+				for (i = 0; i < ARRAY_SIZE(blacklist); i++)
+					if (strcmp(attr, blacklist[i]) == 0) {
+						err(rules->udev, "invalid ENV attribute, '%s' can not be set %s:%u\n", attr, filename, lineno);
+						continue;
+					}
 				if (rule_add_key(&rule_tmp, TK_A_ENV, op, value, attr) != 0)
 					goto invalid;
 			}
-- 
2.30.2