[PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)

Fix nasty /proc vulnerability We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

[PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)
Fix nasty /proc vulnerability We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
d8a27075 · Linus Torvalds · Greg Kroah-Hartman · 40797275 · d8a27075
Commit d8a27075 authored Jul 14, 2006 by Linus Torvalds Committed by Greg Kroah-Hartman Jul 14, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

fs/proc/base.c fs/proc/base.c +1 -0

No files found.
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1366,6 +1366,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 		} else {
 			inode->i_uid = 0;
 			inode->i_gid = 0;
+			inode->i_mode = 0;
 		}
 		security_task_to_inode(task, inode);
 		return 1;