Fix nasty /proc vulnerability

We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Linus Torvalds <torvalds@g5.osdl.org> 2006-07-14 19:51:34 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-07-14 19:51:34 -0400
commit: 18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3 (patch)
tree: b1a9c89bc546a71924ed7253f2f27afdeb82d297 /fs/proc/base.c
parent: ab6cf0d0cb96417ef65cc2c2120c0e879edf7a4a (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 243a94af0427..0cb8f20d000c 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1338,6 +1338,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
                } else {
                        inode->i_uid = 0;
                        inode->i_gid = 0;
+                        inode->i_mode = 0;
                }
                security_task_to_inode(task, inode);
                put_task_struct(task);
author	Linus Torvalds <torvalds@g5.osdl.org>	2006-07-14 19:51:34 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-07-14 19:51:34 -0400
commit	18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3 (patch)
tree	b1a9c89bc546a71924ed7253f2f27afdeb82d297 /fs/proc/base.c
parent	ab6cf0d0cb96417ef65cc2c2120c0e879edf7a4a (diff)

diff --git a/fs/proc/base.c b/fs/proc/base.c index 243a94af0427..0cb8f20d000c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c
@@ -1338,6 +1338,7 @@ static int pid_revalidate(struct dentry dentry, struct nameidata nd)
1338	} else {	1338	} else {
1339	inode->i_uid = 0;	1339	inode->i_uid = 0;
1340	inode->i_gid = 0;	1340	inode->i_gid = 0;
		1341	inode->i_mode = 0;
1341	}	1342	}
1342	security_task_to_inode(task, inode);	1343	security_task_to_inode(task, inode);
1343	put_task_struct(task);	1344	put_task_struct(task);