deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
author Al Viro <viro@zeniv.linux.org.uk>
Thu, 21 Jul 2011 13:13:46 +0000 (14:13 +0100)
committer Tim Gardner <tim.gardner@canonical.com>
Thu, 21 Jul 2011 20:08:08 +0000 (14:08 -0600)
commit 1ccbea50981ed17ceece93327cbf82d89b429c6d
tree 47bb2f97e46fc4e88645907d7fc2cdbe6c13bc7f
parent b2bc9b5c10531187cc08d7b91760b3e6c4f0fd6e

All of those are rw-r--r-- and all are broken for suid - if you open
a file before the target does suid-root exec, you'll still be able
to access it.  For personality it's not a big deal, but for syscall
and stack it's a real problem.

Fix: check that task is traceable for you at the time of read().

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(backported from commit a9712bc12c40c172e393f85a9b2ba8db4bf59509)
CVE-2011-1020
BugLink: http://bugs.launchpad.net/bugs/813026
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
fs/proc/base.c
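
The race and the read()-time check described in the commit message, as an added userland model in C (not the kernel patch and not code from this commit). `may_trace`, `proc_open`, `proc_read` and the sample task are hypothetical names, and the traceability test is a simplified stand-in for the kernel's real check.

```c
/* Userland model, not kernel code: all names here are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct task { unsigned uid, euid; const char *stack; };
struct proc_file { const struct task *target; unsigned opener_uid; };

/* Simplified stand-in for "is this task traceable by reader_uid?". */
static int may_trace(unsigned reader_uid, const struct task *t)
{
    return reader_uid == 0 || (reader_uid == t->uid && reader_uid == t->euid);
}

/* Model assumption: the access decision is made when the file is opened. */
static int proc_open(struct proc_file *f, const struct task *t, unsigned uid)
{
    if (!may_trace(uid, t))
        return -EACCES;
    f->target = t; f->opener_uid = uid;
    return 0;
}

/* checked=0: trust the open()-time decision (pre-fix); checked=1: re-check at read(). */
static int proc_read(const struct proc_file *f, char *buf, size_t n, int checked)
{
    if (checked && !may_trace(f->opener_uid, f->target))
        return -EPERM;
    return snprintf(buf, n, "%s", f->target->stack);
}

/* Open as uid 1000, let the target exec a suid-root binary, then read. */
static int read_after_exec(int checked)
{
    struct task t = { 1000, 1000, "user-frames" };    /* constructed sample */
    struct proc_file f;
    char buf[64];
    if (proc_open(&f, &t, 1000) != 0)
        return -EACCES;
    t.euid = 0;                                       /* suid-root exec */
    t.stack = "privileged-frames";
    return proc_read(&f, buf, sizeof buf, checked);
}

int main(void)
{
    printf("unchecked: %d, checked: %d\n", read_after_exec(0), read_after_exec(1));
    return 0;
}
```

The unchecked read returns the length of the post-exec data through the stale handle; the checked read returns `-EPERM` because the opener can no longer trace the task.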