pidfs: guard against ioctl type confusion
The pidfs ioctl handler needs to look at the type of the ioctl command
to guard against cases where "[...] a daemon receives some random file
descriptor from a (potentially less privileged) client and expects the
FD to be of some specific type, it might call ioctl() on this FD with
some type-specific command and expect the call to fail if the FD is of
the wrong type; but due to the missing type check, the kernel instead
performs some action that userspace didn't expect." (cf. [1]]
Reported-by: Jann Horn <jannh@google.com>
Cc: stable@vger.kernel.org # v6.13
Link: https://lore.kernel.org/r/CAG48ez2K9A5GwtgqO31u9ZL292we8ZwAA=TJwwEv7wRuJ3j4Lw@mail.gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
1 file changed
