releases/4.19.46/proc-prevent-changes-to-overridden-credentials.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 35a196bef449b5824033865b963ed9a43fb8c730 Mon Sep 17 00:00:00 2001
 From: Paul Moore <paul@paul-moore.com>
 Date: Fri, 19 Apr 2019 14:55:12 -0400
 Subject: proc: prevent changes to overridden credentials

 From: Paul Moore <paul@paul-moore.com>

 commit 35a196bef449b5824033865b963ed9a43fb8c730 upstream.

 Prevent userspace from changing the the /proc/PID/attr values if the
 task's credentials are currently overriden.  This not only makes sense
 conceptually, it also prevents some really bizarre error cases caused
 when trying to commit credentials to a task with overridden
 credentials.

 Cc: <stable@vger.kernel.org>
 Reported-by: "chengjian (D)" <cj.chengjian@huawei.com>
 Signed-off-by: Paul Moore <paul@paul-moore.com>
 Acked-by: John Johansen <john.johansen@canonical.com>
 Acked-by: James Morris <james.morris@microsoft.com>
 Acked-by: Casey Schaufler <casey@schaufler-ca.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  fs/proc/base.c |    5 +++++
  1 file changed, 5 insertions(+)

 --- a/fs/proc/base.c
 +++ b/fs/proc/base.c
 @@ -2542,6 +2542,11 @@ static ssize_t proc_pid_attr_write(struc
  		rcu_read_unlock();
  		return -EACCES;
  	}
 +	/* Prevent changes to overridden credentials. */
 +	if (current_cred() != current_real_cred()) {
 +		rcu_read_unlock();
 +		return -EBUSY;
 +	}
  	rcu_read_unlock();

  	if (count > PAGE_SIZE)
	From 35a196bef449b5824033865b963ed9a43fb8c730 Mon Sep 17 00:00:00 2001
	From: Paul Moore <paul@paul-moore.com>
	Date: Fri, 19 Apr 2019 14:55:12 -0400
	Subject: proc: prevent changes to overridden credentials

	From: Paul Moore <paul@paul-moore.com>

	commit 35a196bef449b5824033865b963ed9a43fb8c730 upstream.

	Prevent userspace from changing the the /proc/PID/attr values if the
	task's credentials are currently overriden. This not only makes sense
	conceptually, it also prevents some really bizarre error cases caused
	when trying to commit credentials to a task with overridden
	credentials.

	Cc: <stable@vger.kernel.org>
	Reported-by: "chengjian (D)" <cj.chengjian@huawei.com>
	Signed-off-by: Paul Moore <paul@paul-moore.com>
	Acked-by: John Johansen <john.johansen@canonical.com>
	Acked-by: James Morris <james.morris@microsoft.com>
	Acked-by: Casey Schaufler <casey@schaufler-ca.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	fs/proc/base.c \| 5 +++++
	1 file changed, 5 insertions(+)

	--- a/fs/proc/base.c
	+++ b/fs/proc/base.c
	@@ -2542,6 +2542,11 @@ static ssize_t proc_pid_attr_write(struc
	rcu_read_unlock();
	return -EACCES;
	}
	+ /* Prevent changes to overridden credentials. */
	+ if (current_cred() != current_real_cred()) {
	+ rcu_read_unlock();
	+ return -EBUSY;
	+ }
	rcu_read_unlock();

	if (count > PAGE_SIZE)