Kees Cook 5e910e1d03 proc: Check /proc/$pid/attr/ writes against file opener ...

commit bfb819ea20 upstream.

Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/
files need to check the opener credentials, since these fds do not
transition state across execve(). Without this, it is possible to
trick another process (which may have different credentials) to write
to its own /proc/$pid/attr/ files, leading to unexpected and possibly
exploitable behaviors.

[1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2023-05-16 11:09:39 +09:00

..

array.c

fs/proc/array.c: allow reporting eip/esp for all coredumping threads

2023-05-15 13:55:58 +09:00

base.c

proc: Check /proc/$pid/attr/ writes against file opener

2023-05-16 11:09:39 +09:00

cmdline.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

consoles.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

cpuinfo.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

devices.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

fd.c

proc: unsigned file descriptors

2016-09-27 18:47:38 -04:00

fd.h

proc: unsigned file descriptors

2016-09-27 18:47:38 -04:00

generic.c

proc: Fix unbalanced hard link numbers

2017-05-25 15:44:37 +02:00

inode.c

proc: Use new_inode not new_inode_pseudo

2023-05-15 17:32:44 +09:00

internal.h

proc: Fix proc_sys_prune_dcache to hold a sb reference

2023-05-12 16:52:20 +09:00

interrupts.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

Kconfig

ANDROID: proc: Add /proc/uid directory

2018-04-03 11:15:30 -07:00

kcore.c

vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page

2018-05-30 07:50:26 +02:00

kmsg.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

loadavg.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

Makefile

ANDROID: proc: Add /proc/uid directory

2018-04-03 11:15:30 -07:00

meminfo.c

Amlogic: sync the code from mainline. [1/1]

2020-02-04 13:48:58 +09:00

namespaces.c

switch all procfs directories ->iterate_shared()

2016-05-02 19:49:30 -04:00

nommu.c

vfs: add seq_file_path() helper

2015-06-23 18:01:07 -04:00

page.c

mm: rename _count, field of the struct page, to _refcount

2016-05-19 19:12:14 -07:00

proc_net.c

proc: make proc entries inherit ownership from parent

2016-08-14 21:07:20 -07:00

proc_sysctl.c

fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.

2023-05-15 14:02:16 +09:00

proc_tty.c

tty fix oops when rmmod 8250

2017-12-20 10:07:32 +01:00

root.c

ANDROID: proc: Add /proc/uid directory

2018-04-03 11:15:30 -07:00

self.c

proc: don't allow async path resolution of /proc/self components

2023-05-16 09:50:00 +09:00

softirqs.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

stat.c

sched/cputime: Convert kcpustat to nsecs

2023-05-15 09:10:24 +09:00

task_mmu.c

mm: add cond_resched() in gather_pte_stats()

2023-05-16 10:51:54 +09:00

task_nommu.c

fs/proc: Stop trying to report thread stacks

2016-10-20 09:21:41 +02:00

thread_self.c

proc: Use new_inode not new_inode_pseudo

2023-05-15 17:32:44 +09:00

uid.c

ANDROID: proc: fix undefined behavior in proc_uid_base_readdir

2018-05-24 01:28:28 +00:00

uptime.c

sched/cputime: Convert kcpustat to nsecs

2023-05-15 09:10:24 +09:00

version.c

fs/proc: don't use module_init for non-modular core code

2014-01-23 16:37:02 -08:00

vmcore.c

vmalloc: fix remap_vmalloc_range() bounds checks

2023-05-15 17:23:21 +09:00