[2.6.22.y] CVE2007-6206 fix
From: Oliver Pinter (Pintér Olivér)
Date: Sat Dec 22 2007 - 06:37:46 EST
--
Thanks,
Oliver
I backported this patch to 2.6.22.y tree.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206
---
original patch:
c46f739dd39db3b07ab5deb4e3ec81e1c04a91af in linux-2.6.git
Ingo Molnar [Wed, 28 Nov 2007 12:59:18 +0000 (13:59 +0100)]
fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
only allow coredumping to the same uid that the coredumping
task runs under.
Signed-off-by: Oliver Pinter <oliver.pntr@xxxxxxxxx>
---
fs/exec.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 3da429d..224e973 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
but keep the previous behaviour for now. */
if (!ispipe && !S_ISREG(inode->i_mode))
goto close_fail;
+ /*
+ * Dont allow local users get cute and trick others to coredump
+ * into their pre-created files:
+ */
+ if (inode->i_uid != current->fsuid)
+ goto close_fail;
if (!file->f_op)
goto close_fail;
if (!file->f_op->write)