Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 3cfc8ca6984d14417aadba41fa5e3f9dc8c87c22
commit3cfc8ca6984d14417aadba41fa5e3f9dc8c87c22[log] [tgz]
authorKees Cook <keescook@chromium.org>Tue May 25 12:37:35 2021 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Jun 03 08:23:27 2021 +0200
treec4b02a02fed6c64957655b7313a5fe71e5ff7201
parent4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42 [diff]
proc: Check /proc/$pid/attr/ writes against file opener

commit bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28 upstream.

Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/
files need to check the opener credentials, since these fds do not
transition state across execve(). Without this, it is possible to
trick another process (which may have different credentials) to write
to its own /proc/$pid/attr/ files, leading to unexpected and possibly
exploitable behaviors.

[1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials

Fixes: 1da177e4c3f41 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: c4b02a02fed6c64957655b7313a5fe71e5ff7201
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS