Leaking path for set_task_comm

Cyrill Gorcunov gorcunov at gmail.com
Tue Sep 25 18:39:53 UTC 2018


On Tue, Sep 25, 2018 at 01:27:08PM -0400, Tong Zhang wrote:
> Kernel Version: 4.18.5
> 
> Problem Description:
> 
> When using prctl(PR_SET_NAME) to set the thread name, it is checked by security_task_prctl.
> 
> We discovered a leaking path that can also use the method implemented in
> fs/proc/base.c:1526 comm_write() to do a similar thing without asking for the LSM’s decision.

I don't understand how it is a problem. Could you please explain?
procfs/comm is created with S_IRUGO|S_IWUSR permissions. So
prctl and procfs are simply different interfaces.
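
The two interfaces discussed in this thread, exercised side by side in an added example that is not part of the original messages or of the kernel source: it sets the calling task's name through prctl(PR_SET_NAME) and then through /proc/self/comm, reading the result back each time. The helper names and the sample names "via-prctl" and "via-procfs" are made up for illustration; it assumes Linux with /proc mounted and a single-threaded process.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Read the calling thread's name; the kernel copies at most 16 bytes. */
static int get_comm(char buf[16])
{
    return prctl(PR_GET_NAME, (unsigned long)buf, 0, 0, 0);
}

/* Path 1: prctl(PR_SET_NAME), which the report says is checked by
 * security_task_prctl. */
static int set_comm_prctl(const char *name)
{
    return prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0);
}

/* Path 2: write to /proc/self/comm, handled by comm_write() in
 * fs/proc/base.c; access is governed by the file mode (S_IRUGO|S_IWUSR). */
static int set_comm_procfs(const char *name)
{
    FILE *f = fopen("/proc/self/comm", "w");
    if (!f)
        return -1;
    int rc = (fputs(name, f) == EOF) ? -1 : 0;
    if (fclose(f) != 0)   /* the write reaches the kernel on flush/close */
        rc = -1;
    return rc;
}

/* Returns 1 if both interfaces changed the task name, 0 if a name did
 * not take effect, -1 if any call failed. */
int both_paths_set_comm(void)
{
    char a[16] = {0}, b[16] = {0};
    if (set_comm_prctl("via-prctl") || get_comm(a))
        return -1;
    if (set_comm_procfs("via-procfs") || get_comm(b))
        return -1;
    printf("after prctl:  %s\nafter procfs: %s\n", a, b);
    return strcmp(a, "via-prctl") == 0 && strcmp(b, "via-procfs") == 0;
}

int main(void)
{
    return both_paths_set_comm() == 1 ? 0 : 1;
}
```

The example shows only that both interfaces update the same task name; whether the procfs path should consult an LSM hook is the question the thread is debating.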


