| From 35a196bef449b5824033865b963ed9a43fb8c730 Mon Sep 17 00:00:00 2001 |
| From: Paul Moore <paul@paul-moore.com> |
| Date: Fri, 19 Apr 2019 14:55:12 -0400 |
| Subject: proc: prevent changes to overridden credentials |
| |
| From: Paul Moore <paul@paul-moore.com> |
| |
| commit 35a196bef449b5824033865b963ed9a43fb8c730 upstream. |
| |
| Prevent userspace from changing the the /proc/PID/attr values if the |
| task's credentials are currently overriden. This not only makes sense |
| conceptually, it also prevents some really bizarre error cases caused |
| when trying to commit credentials to a task with overridden |
| credentials. |
| |
| Cc: <stable@vger.kernel.org> |
| Reported-by: "chengjian (D)" <cj.chengjian@huawei.com> |
| Signed-off-by: Paul Moore <paul@paul-moore.com> |
| Acked-by: John Johansen <john.johansen@canonical.com> |
| Acked-by: James Morris <james.morris@microsoft.com> |
| Acked-by: Casey Schaufler <casey@schaufler-ca.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/proc/base.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| --- a/fs/proc/base.c |
| +++ b/fs/proc/base.c |
| @@ -2542,6 +2542,11 @@ static ssize_t proc_pid_attr_write(struc |
| rcu_read_unlock(); |
| return -EACCES; |
| } |
| + /* Prevent changes to overridden credentials. */ |
| + if (current_cred() != current_real_cred()) { |
| + rcu_read_unlock(); |
| + return -EBUSY; |
| + } |
| rcu_read_unlock(); |
| |
| if (count > PAGE_SIZE) |