| From git-commits-head-owner@vger.kernel.org Fri Jul 14 16:59:56 2006 |
| Date: Fri, 14 Jul 2006 23:59:02 GMT |
| Message-Id: <200607142359.k6ENx2iQ032185@hera.kernel.org> |
| From: Linus Torvalds <torvalds@osdl.org> |
| To: git-commits-head@vger.kernel.org |
| Subject: Fix nasty /proc vulnerability (CVE-2006-3626) |
| |
| Fix nasty /proc vulnerability |
| |
| We have a bad interaction with both the kernel and user space being able |
| to change some of the /proc file status. This fixes the most obvious |
| part of it, but I expect we'll also make it harder for users to modify |
| even their "own" files in /proc. |
| |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/proc/base.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- linux-2.6.16.24.orig/fs/proc/base.c |
| +++ linux-2.6.16.24/fs/proc/base.c |
| @@ -1366,6 +1366,7 @@ static int pid_revalidate(struct dentry |
| } else { |
| inode->i_uid = 0; |
| inode->i_gid = 0; |
| + inode->i_mode = 0; |
| } |
| security_task_to_inode(task, inode); |
| return 1; |
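Review bot: In the else branch of pid_revalidate(), `inode->i_mode = 0;` clears the entire mode word, file-type bits included, rather than only the bits that become dangerous once i_uid and i_gid are reset to 0. If the goal is to discard mode bits that user space was able to set on the inode (the commit message refers to user space changing /proc file status), consider masking just those, for example `inode->i_mode &= ~(S_ISUID | S_ISGID);`, so the inode keeps its type and base permissions. A one-line comment above the assignment saying why the mode is reset together with the ownership would also help, since neither the hunk nor the message names the field or the interaction being closed.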