Leaking path for set_task_comm
From: Tong Zhang
Date: Tue Sep 25 2018 - 13:27:19 EST
Kernel Version: 4.18.5
Problem Description:
When using prctl(PR_SET_NAME) to set the thread name, it is checked by security_task_prctl.
We discovered a leaking path that can also use the method implemented in
fs/proc/base.c:1526 comm_write(), to do a similar thing without asking the LSM's decision.
- Tong
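
An added example, not part of the original post: a small C check that sets the calling thread's name through both paths named above and reads it back with PR_GET_NAME, so a policy author can see whether a rule enforced on prctl also covers the procfs write. The helper names and the sample names "via-prctl" and "via-procfs" are assumptions, and /proc/thread-self requires Linux 3.17 or later.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

#define COMM_LEN 16 /* TASK_COMM_LEN: 15 characters plus NUL */

/* Read the calling thread's name (task->comm). */
static int get_comm(char out[COMM_LEN])
{
    memset(out, 0, COMM_LEN);
    return prctl(PR_GET_NAME, (unsigned long)out, 0, 0, 0);
}

/* Path 1: prctl(PR_SET_NAME), which is passed to security_task_prctl. */
static int set_comm_prctl(const char *name)
{
    return prctl(PR_SET_NAME, (unsigned long)name, 0, 0, 0);
}

/* Path 2: procfs write, handled by comm_write() in fs/proc/base.c. */
static int set_comm_procfs(const char *name)
{
    int fd = open("/proc/thread-self/comm", O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, name, strlen(name));
    close(fd);
    return n == (ssize_t)strlen(name) ? 0 : -1;
}

/* 1 if the setter succeeded and the new name is visible, else 0. */
static int rename_took_effect(int (*setter)(const char *), const char *name)
{
    char now[COMM_LEN];
    if (setter(name) != 0 || get_comm(now) != 0)
        return 0;
    return strcmp(now, name) == 0;
}

int main(void)
{
    /* Constructed sample names; both fit in 15 characters. */
    printf("prctl:  %d\n", rename_took_effect(set_comm_prctl, "via-prctl"));
    printf("procfs: %d\n", rename_took_effect(set_comm_procfs, "via-procfs"));
    return 0;
}
```

Under a policy that denies PR_SET_NAME, the first line prints 0; a 1 on the second line then shows that the procfs write is not covered by that rule.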