diff options
author | Stephen Wilson <wilsons@start.ca> | 2011-03-13 15:49:21 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2011-03-23 16:36:58 -0400 |
commit | 26947f8c8f9598209001cdcd31bb2162a2e54691 (patch) | |
tree | bab014e7ad404ca3e36ae650f170f02df05705cd | |
parent | 5ddd36b9c59887c6416e21daf984fbdd9b1818df (diff) |
proc: disable mem_write after exec
This change makes mem_write() observe the same constraints as mem_read(). This
is particularly important for mem_write as an accidental leak of the fd across
an exec could result in arbitrary modification of the target process' memory.
IOW, /proc/pid/mem is implicitly close-on-exec.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/proc/base.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index e94b58b496f1..9af49a3984f1 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
@@ -850,6 +850,10 @@ static ssize_t mem_write(struct file * file, const char __user *buf, | |||
850 | if (check_mem_permission(task)) | 850 | if (check_mem_permission(task)) |
851 | goto out; | 851 | goto out; |
852 | 852 | ||
853 | copied = -EIO; | ||
854 | if (file->private_data != (void *)((long)current->self_exec_id)) | ||
855 | goto out; | ||
856 | |||
853 | copied = -ENOMEM; | 857 | copied = -ENOMEM; |
854 | page = (char *)__get_free_page(GFP_TEMPORARY); | 858 | page = (char *)__get_free_page(GFP_TEMPORARY); |
855 | if (!page) | 859 | if (!page) |