Commit d8a27075 authored by Linus Torvalds's avatar Linus Torvalds Committed by Greg Kroah-Hartman

[PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)

Fix nasty /proc vulnerability

We have a bad interaction with both the kernel and user space being able
to change some of the /proc file status.  This fixes the most obvious
part of it, but I expect we'll also make it harder for users to modify
even their "own" files in /proc.
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 40797275
...@@ -1366,6 +1366,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) ...@@ -1366,6 +1366,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
} else { } else {
inode->i_uid = 0; inode->i_uid = 0;
inode->i_gid = 0; inode->i_gid = 0;
inode->i_mode = 0;
} }
security_task_to_inode(task, inode); security_task_to_inode(task, inode);
return 1; return 1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment