Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 18b0bbd8 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Fix nasty /proc vulnerability 



We have a bad interaction with both the kernel and user space being able
to change some of the /proc file status.  This fixes the most obvious
part of it, but I expect we'll also make it harder for users to modify
even their "own" files in /proc.

Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent ab6cf0d0

fs/proc/base.c

+1 −0
Original line number Diff line number Diff line
@@ -1338,6 +1338,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) 
		} else {

			inode->i_uid = 0;

			inode->i_gid = 0;

			inode->i_mode = 0;

		}

		security_task_to_inode(task, inode);

		put_task_struct(task);