git.baikalelectronics.ru Git - kernel.git/commit

author	Kees Cook <keescook@chromium.org>
	Tue, 25 May 2021 19:37:35 +0000 (12:37 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Tue, 25 May 2021 20:24:41 +0000 (10:24 -1000)
commit	bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28
tree	d5327bdc0a2bb41db9968c7937810d40875b090a	tree \| snapshot
parent	ad9f25d338605d26acedcaf3ba5fab5ca26f1c10	commit \| diff

proc: Check /proc/$pid/attr/ writes against file opener

Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/
files need to check the opener credentials, since these fds do not
transition state across execve(). Without this, it is possible to
trick another process (which may have different credentials) to write
to its own /proc/$pid/attr/ files, leading to unexpected and possibly
exploitable behaviors.

[1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials

Fixes: 1da177e4c3f41 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>