diff options
author | Linus Torvalds <torvalds@osdl.org> | 2006-07-15 03:59:02 +0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-07-15 06:30:51 +0400 |
commit | d8a2707576c2d12dd79d797a9bff3b10b3d182f7 (patch) | |
tree | 0c70cf2e07ab13dfe0a13e4ac6ac380d225bdbd1 | |
parent | 407972755b44d0a18647dab1f1e62df80b6638d0 (diff) | |
download | linux-d8a2707576c2d12dd79d797a9bff3b10b3d182f7.tar.xz |
[PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)
Fix nasty /proc vulnerability
We have a bad interaction with both the kernel and user space being able
to change some of the /proc file status. This fixes the most obvious
part of it, but I expect we'll also make it harder for users to modify
even their "own" files in /proc.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/proc/base.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index c192cb2af2c8..9d996746a1a6 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1366,6 +1366,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) } else { inode->i_uid = 0; inode->i_gid = 0; + inode->i_mode = 0; } security_task_to_inode(task, inode); return 1; |