diff options
| author | Stephen Wilson <wilsons@start.ca> | 2011-03-13 15:49:21 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2011-03-23 16:36:58 -0400 |
| commit | 26947f8c8f9598209001cdcd31bb2162a2e54691 (patch) | |
| tree | bab014e7ad404ca3e36ae650f170f02df05705cd /fs/proc/base.c | |
| parent | 5ddd36b9c59887c6416e21daf984fbdd9b1818df (diff) | |
proc: disable mem_write after exec
This change makes mem_write() observe the same constraints as mem_read(). This
is particularly important for mem_write as an accidental leak of the fd across
an exec could result in arbitrary modification of the target process' memory.
IOW, /proc/pid/mem is implicitly close-on-exec.
Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/proc/base.c')
| -rw-r--r-- | fs/proc/base.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index e94b58b496f1..9af49a3984f1 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c | |||
| @@ -850,6 +850,10 @@ static ssize_t mem_write(struct file * file, const char __user *buf, | |||
| 850 | if (check_mem_permission(task)) | 850 | if (check_mem_permission(task)) |
| 851 | goto out; | 851 | goto out; |
| 852 | 852 | ||
| 853 | copied = -EIO; | ||
| 854 | if (file->private_data != (void *)((long)current->self_exec_id)) | ||
| 855 | goto out; | ||
| 856 | |||
| 853 | copied = -ENOMEM; | 857 | copied = -ENOMEM; |
| 854 | page = (char *)__get_free_page(GFP_TEMPORARY); | 858 | page = (char *)__get_free_page(GFP_TEMPORARY); |
| 855 | if (!page) | 859 | if (!page) |