diff options
Diffstat (limited to 'fs/proc/base.c')
| -rw-r--r-- | fs/proc/base.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index ccf86f16d9f0..7e9f07bf260d 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -407,6 +407,20 @@ static int proc_pid_stack(struct seq_file *m, struct pid_namespace *ns, | |||
| 407 | unsigned long *entries; | 407 | unsigned long *entries; |
| 408 | int err; | 408 | int err; |
| 409 | 409 | ||
| 410 | /* | ||
| 411 | * The ability to racily run the kernel stack unwinder on a running task | ||
| 412 | * and then observe the unwinder output is scary; while it is useful for | ||
| 413 | * debugging kernel issues, it can also allow an attacker to leak kernel | ||
| 414 | * stack contents. | ||
| 415 | * Doing this in a manner that is at least safe from races would require | ||
| 416 | * some work to ensure that the remote task can not be scheduled; and | ||
| 417 | * even then, this would still expose the unwinder as local attack | ||
| 418 | * surface. | ||
| 419 | * Therefore, this interface is restricted to root. | ||
| 420 | */ | ||
| 421 | if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) | ||
| 422 | return -EACCES; | ||
| 423 | |||
| 410 | entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), | 424 | entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries), |
| 411 | GFP_KERNEL); | 425 | GFP_KERNEL); |
| 412 | if (!entries) | 426 | if (!entries) |