Re: [PATCH] proc: fix races against execve() of /proc/PID/{fd/,fdinfo/,fdinfo/*}

From: Andrew Morton
Date: Fri Aug 26 2011 - 15:41:24 EST


On Fri, 26 Aug 2011 17:29:09 +0400
Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:

> fd* files are restricted to the task's owner, and other users may not
> get direct access to them. But one may open any of these files and run
> any setuid program, keeping opened file descriptors. As there are
> permission checks on open(), but not on readdir() and read(), operations
> on the kept file descriptors will not be checked. It makes it possible
> to violate procfs permission model.
>
> Reading fdinfo/* may disclose current fds' position and flags, reading
> directory contents of fdinfo/ and fd/ may disclose the number of opened
> files by the target task. This information is not sensible per se, but
> it can reveal some private information (like length of a password stored in
> a file) under certain conditions.
>
> Used existing (un)lock_trace functions to deal with the issue by calling
> ptrace_may_access() permission checks.

This doesn't apply to current mainline. Please redo, retest, resend?
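
The gap described in the quoted text (a check at open() but none at read()/readdir()), as an added user-space model in C; it is not the patch and not kernel code. `may_access()` is a simplified stand-in for `ptrace_may_access()`, and every struct and function name is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical, not kernel code. */
struct task { unsigned uid, euid; int nr_open_fds; };
struct proc_handle { const struct task *target; };
struct result { bool opened, reopen_after_exec; int unchecked_read, checked_read; };

/* Simplified stand-in for ptrace_may_access(): root, or matching uid and euid. */
static bool may_access(unsigned caller, const struct task *t)
{
    return caller == 0 || (caller == t->uid && caller == t->euid);
}

/* open() on /proc/PID/fdinfo: permission is checked here in both variants. */
static bool proc_open(struct proc_handle *h, unsigned caller, const struct task *t)
{
    if (!may_access(caller, t))
        return false;
    h->target = t;
    return true;
}

/* read()/readdir() with no check: relies on whatever open() decided earlier. */
static int read_unchecked(const struct proc_handle *h) { return h->target->nr_open_fds; }

/* read()/readdir() that repeats the check at use time; -1 models an access error. */
static int read_checked(const struct proc_handle *h, unsigned caller)
{
    return may_access(caller, h->target) ? h->target->nr_open_fds : -1;
}

/* uid 1000 opens the handle, then the target task execs a setuid-root binary. */
static struct result run_scenario(void)
{
    struct task t = { .uid = 1000, .euid = 1000, .nr_open_fds = 3 };
    struct proc_handle h;
    struct result r = { .opened = proc_open(&h, 1000, &t) };
    t.euid = 0;          /* execve() of a setuid binary: same PID, new credentials */
    t.nr_open_fds = 7;   /* the privileged program opens more files */
    r.unchecked_read = read_unchecked(&h);      /* held handle still answers */
    r.checked_read = read_checked(&h, 1000);    /* re-check at use denies */
    r.reopen_after_exec = proc_open(&h, 1000, &t);
    return r;
}

int main(void)
{
    struct result r = run_scenario();
    printf("opened=%d unchecked=%d checked=%d reopen=%d\n", r.opened, r.unchecked_read, r.checked_read, r.reopen_after_exec);
    return 0;
}
```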