[patch 21/27] vfs: coredumping fix (CVE-2007-6206)

From: Greg KH
Date: Fri Feb 01 2008 - 19:31:49 EST


2.6.22-stable review patch. If anyone has any objections, please let us
know.

------------------

From: Ingo Molnar <mingo@xxxxxxx>

vfs: coredumping fix

patch c46f739dd39db3b07ab5deb4e3ec81e1c04a91af in mainline

fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043

only allow coredumping to the same uid that the coredumping
task runs under.

Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
Acked-by: Alan Cox <alan@xxxxxxxxxx>
Acked-by: Christoph Hellwig <hch@xxxxxx>
Acked-by: Al Viro <viro@xxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: maximilian attems <max@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
fs/exec.c | 6 ++++++
1 file changed, 6 insertions(+)

--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_cod
but keep the previous behaviour for now. */
if (!ispipe && !S_ISREG(inode->i_mode))
goto close_fail;
+ /*
+ * Dont allow local users get cute and trick others to coredump
+ * into their pre-created files:
+ */
+ if (inode->i_uid != current->fsuid)
+ goto close_fail;
if (!file->f_op)
goto close_fail;
if (!file->f_op->write)
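
Review bot: The new `if (inode->i_uid != current->fsuid)` test is not conditioned on `ispipe`, while the `S_ISREG` check directly above it is skipped for the pipe case. As written, the owner comparison also applies when the dump goes to a pipe, where the inode is not a file a local user could have pre-created, which is the case the comment describes. If the pipe case is meant to be exempt, write the condition as `if (!ispipe && inode->i_uid != current->fsuid)`. If it is meant to be covered, say so in the comment. A smaller point on the comment itself: "Dont allow local users get cute" should read "Don't allow local users to get cute".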
