forked from luck/tmp_suning_uos_patched
f70102cb36
commit 591a22c14d3f45cc38bd1931c593c221df2f1881 upstream.
Commit bfb819ea20ce ("proc: Check /proc/$pid/attr/ writes against file opener")
tried to make sure that there could not be a confusion between the opener of
a /proc/$pid/attr/ file and the writer. It used struct cred to make sure
the privileges didn't change. However, there were existing cases where a more
privileged thread was passing the opened fd to a differently privileged thread
(during container setup). Instead, use mm_struct to track whether the opener
and writer are still the same process. (This is what several other proc files
already do, though for different reasons.)
Reported-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Andrea Righi <andrea.righi@canonical.com>
Tested-by: Andrea Righi <andrea.righi@canonical.com>
Fixes: bfb819ea20ce ("proc: Check /proc/$pid/attr/ writes against file opener")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|---|---|---|
| .. | ||
| array.c | ||
| base.c | ||
| bootconfig.c | ||
| cmdline.c | ||
| consoles.c | ||
| cpuinfo.c | ||
| devices.c | ||
| fd.c | ||
| fd.h | ||
| generic.c | ||
| inode.c | ||
| internal.h | ||
| interrupts.c | ||
| Kconfig | ||
| kcore.c | ||
| kmsg.c | ||
| loadavg.c | ||
| Makefile | ||
| meminfo.c | ||
| namespaces.c | ||
| nommu.c | ||
| page.c | ||
| proc_net.c | ||
| proc_sysctl.c | ||
| proc_tty.c | ||
| root.c | ||
| self.c | ||
| softirqs.c | ||
| stat.c | ||
| task_mmu.c | ||
| task_nommu.c | ||
| thread_self.c | ||
| uptime.c | ||
| util.c | ||
| version.c | ||
| vmcore.c | ||