deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
authorAl Viro <viro@zeniv.linux.org.uk>
Thu, 21 Jul 2011 13:13:46 +0000 (14:13 +0100)
committerHerton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Mon, 29 Aug 2011 19:23:07 +0000 (16:23 -0300)
commit9d7a0bfda0413f059f80501186470d72dccad75d
treef13b7c3c5cb379d13cfb2621070f926858e70ddd
parent232d2014cde46cc0cf13be987403575e87aefea5
deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020

All of those are rw-r--r-- and all are broken for suid - if you open
a file before the target does suid-root exec, you'll be still able
to access it.  For personality it's not a big deal, but for syscall
and stack it's a real problem.

Fix: check that task is tracable for you at the time of read().

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(backported from commit a9712bc12c40c172e393f85a9b2ba8db4bf59509)
CVE-2011-1020
BugLink: http://bugs.launchpad.net/bugs/813026
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
fs/proc/base.c