[PATCH] proc: prevent changes to overridden credentials

John Johansen john.johansen at canonical.com
Fri Apr 19 19:03:45 UTC 2019


On 4/19/19 11:55 AM, Paul Moore wrote:
> Prevent userspace from changing the the /proc/PID/attr values if the
> task's credentials are currently overriden.  This not only makes sense
> conceptually, it also prevents some really bizarre error cases caused
> when trying to commit credentials to a task with overridden
> credentials.
> 
> Cc: <stable at vger.kernel.org>
> Reported-by: "chengjian (D)" <cj.chengjian at huawei.com>
> Signed-off-by: Paul Moore <paul at paul-moore.com>

looks good

Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  fs/proc/base.c |    5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index ddef482f1334..87ba007b86db 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -2539,6 +2539,11 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
>  		rcu_read_unlock();
>  		return -EACCES;
>  	}
> +	/* Prevent changes to overridden credentials. */
> +	if (current_cred() != current_real_cred()) {
> +		rcu_read_unlock();
> +		return -EBUSY;
> +	}
>  	rcu_read_unlock();
>  
>  	if (count > PAGE_SIZE)
> 



More information about the Linux-security-module-archive mailing list