iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
848ca9182a
linux/fs/proc
History
Kees Cook bfb819ea20 proc: Check /proc/$pid/attr/ writes against file opener 
Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/
files need to check the opener credentials, since these fds do not
transition state across execve(). Without this, it is possible to
trick another process (which may have different credentials) to write
to its own /proc/$pid/attr/ files, leading to unexpected and possibly
exploitable behaviors.

[1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2021-05-25 10:24:41 -10:00
..
array.c seccomp: Fix CONFIG tests for Seccomp_filters 2021-03-30 22:33:50 -07:00
base.c proc: Check /proc/$pid/attr/ writes against file opener 2021-05-25 10:24:41 -10:00
bootconfig.c proc/bootconfig: Fix to use correct quotes for value 2020-06-16 21:21:03 -04:00
cmdline.c
consoles.c
cpuinfo.c proc/cpuinfo: switch to ->read_iter 2020-11-06 10:05:18 -08:00
devices.c block: move block-related definitions out of fs.h 2020-06-24 09:16:02 -06:00
fd.c fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
fd.h fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
generic.c proc: save LOC in __xlate_proc_name() 2021-05-06 19:24:11 -07:00
inode.c proc: delete redundant subset=pid check 2021-05-06 19:24:11 -07:00
internal.h fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
interrupts.c
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
kcore.c arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL 2020-12-15 12:13:42 -08:00
kmsg.c proc: faster open/read/close with "permanent" files 2020-04-07 10:43:42 -07:00
loadavg.c
Makefile proc: bootconfig: Add /proc/bootconfig to show boot config list 2020-01-13 13:19:39 -05:00
meminfo.c mm: memcontrol: convert NR_FILE_PMDMAPPED account to pages 2021-02-24 13:38:29 -08:00
namespaces.c Merge branch 'work.openat2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-01-29 11:20:24 -08:00
nommu.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
page.c mm: Add PG_arch_2 page flag 2020-09-04 12:46:06 +01:00
proc_net.c fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
proc_sysctl.c proc/sysctl: fix function name error in comments 2021-05-06 19:24:11 -07:00
proc_tty.c
root.c fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
self.c Revert "proc: don't allow async path resolution of /proc/self components" 2021-02-23 20:32:11 -07:00
softirqs.c
stat.c time-namespace-v5.11 2020-12-14 16:35:39 -08:00
task_mmu.c userfaultfd: add minor fault registration mode 2021-05-05 11:27:22 -07:00
task_nommu.c mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
thread_self.c Revert "proc: don't allow async path resolution of /proc/thread-self components" 2021-02-23 20:32:11 -07:00
uptime.c fs/proc: Respect boottime inside time namespace for /proc/uptime 2020-01-14 12:20:56 +01:00
util.c
version.c
vmcore.c vmalloc: remove redundant NULL check 2021-02-24 13:38:30 -08:00