linux_dsm_epyc7002/fs
Vasiliy Kulikov 1d1221f375 proc: restrict access to /proc/PID/io
/proc/PID/io may be used for gathering private information.  E.g.  for
openssh and vsftpd daemons wchars/rchars may be used to learn the
precise password length.  Restrict it to processes being able to ptrace
the target process.

ptrace_may_access() is needed to prevent keeping open file descriptor of
"io" file, executing setuid binary and gathering io information of the
setuid'ed process.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-28 09:39:11 -07:00
..
9p 9p: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:53 -04:00
adfs Fix common misspellings 2011-03-31 11:26:23 -03:00
affs affs: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:53 -04:00
afs AFS: Use i_generation not i_version for the vnode uniquifier 2011-06-16 11:44:48 -04:00
autofs4 autofs4: bogus dentry_unhash() added in ->unlink() 2011-05-30 01:50:53 -04:00
befs Fix common misspellings 2011-03-31 11:26:23 -03:00
bfs bfs: remove unnecessary dentry_unhash on dir rename 2011-05-28 01:02:50 -04:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2011-06-27 13:32:14 -07:00
cachefiles Fix common misspellings 2011-03-31 11:26:23 -03:00
ceph ceph: unwind canceled flock state 2011-06-07 21:36:45 -07:00
cifs Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2011-06-26 19:40:31 -07:00
coda coda_ioctl_permission() is safe in RCU mode 2011-06-20 10:44:19 -04:00
configfs configfs: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:54 -04:00
cramfs cramfs: generate unique inode number for better inode cache usage 2011-01-13 08:03:23 -08:00
debugfs debugfs: move to new strtobool 2011-05-19 16:55:28 +09:30
devpts fs/devpts/inode.c: correctly check d_alloc_name() return code in devpts_pty_new() 2011-03-22 17:44:17 -07:00
dlm Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
ecryptfs eCryptfs: Remove ecryptfs_header_cache_2 2011-05-29 14:24:25 -05:00
efs block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
exofs exofs: remove unnecessary dentry_unhash on rmdir/rename_dir 2011-05-26 07:26:57 -04:00
exportfs vfs: Add open by file handle support 2011-03-15 02:21:44 -04:00
ext2 ext2: remove unnecessary dentry_unhash on rmdir/rename_dir 2011-05-26 07:26:56 -04:00
ext3 fs: pass exact type of data dirties to ->dirty_inode 2011-05-27 07:04:40 -04:00
ext4 ext4: fixed tracepoints cleanup 2011-06-06 09:51:52 -04:00
fat fat: Fix corrupt inode flags when remove ATTR_SYS flag 2011-05-31 19:42:24 +09:00
freevxfs treewide: fix a few typos in comments 2011-05-10 10:16:21 +02:00
fscache fscache: remove dead code under CONFIG_WORKQUEUE_DEBUGFS 2011-05-25 08:39:44 -07:00
fuse more conservative S_NOSEC handling 2011-06-03 18:24:58 -04:00
gfs2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-fixes 2011-06-07 18:44:10 -07:00
hfs hfs: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:52 -04:00
hfsplus hfsplus: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:52 -04:00
hostfs hostfs: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:52 -04:00
hpfs hpfs: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:54 -04:00
hppfs
hugetlbfs mm: don't access vm_flags as 'int' 2011-05-26 09:20:31 -07:00
isofs isofs: fix bh leak in isofs_fill_super() error case 2011-06-18 07:25:42 -07:00
jbd jbd: Fix comment to match the code in journal_start() 2011-05-24 00:27:53 +02:00
jbd2 jbd2: Fix oops in jbd2_journal_remove_journal_head() 2011-06-13 15:38:22 -04:00
jffs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-28 13:03:41 -07:00
jfs jfs: agstart field must be 64 bits 2011-06-20 17:53:24 -05:00
lockd NLM: Don't hang forever on NLM unlock requests 2011-06-15 11:24:27 -04:00
logfs logfs doesn't need ->permission() at all 2011-06-20 10:44:26 -04:00
minix minix: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:54 -04:00
ncpfs ncpfs: fix rename over directory with dangling references 2011-05-28 01:02:53 -04:00
nfs NFS: Fix decode_secinfo_maxsz 2011-06-21 11:54:07 -04:00
nfs_common Fix common misspellings 2011-03-31 11:26:23 -03:00
nfsd nfsd4: fix break_lease flags on nfsd open 2011-06-20 10:38:01 -04:00
nilfs2 nilfs2_permission() doesn't need to bail out in RCU mode 2011-06-20 10:44:33 -04:00
nls
notify Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
ntfs Fix common misspellings 2011-03-31 11:26:23 -03:00
ocfs2 more conservative S_NOSEC handling 2011-06-03 18:24:58 -04:00
omfs Remove unneeded version.h includes from fs/ 2011-06-24 08:34:22 -07:00
openpromfs
partitions Revert "block: Remove extra discard_alignment from hd_struct." 2011-05-30 07:42:51 +02:00
proc proc: restrict access to /proc/PID/io 2011-06-28 09:39:11 -07:00
pstore pstore: fix pstore filesystem mount/remount issue 2011-05-16 11:05:00 -07:00
qnx4 block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
quota vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
ramfs ramfs: fix memleak on no-mmu arch 2011-04-14 16:06:56 -07:00
reiserfs reiserfs_permission() doesn't need to bail out in RCU mode 2011-06-20 10:45:21 -04:00
romfs romfs: fix romfs_get_unmapped_area() argument check 2011-06-27 18:00:12 -07:00
squashfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/pkl/squashfs-linus 2011-05-29 11:19:45 -07:00
sysfs Delay struct net freeing while there's a sysfs instance refering to it 2011-06-12 17:45:41 -04:00
sysv sysv: remove unnecessary dentry_unhash from rmdir, dir rename 2011-05-28 01:02:50 -04:00
ubifs ubifs: dereferencing an ERR_PTR in ubifs_mount() 2011-06-20 10:42:34 -04:00
udf udf: remove unnecessary dentry_unhash from rmdir, dir rename 2011-05-28 01:02:52 -04:00
ufs ufs: remove unnecessary dentry_unhash from rmdir, dir rename 2011-05-28 01:02:51 -04:00
xfs xfs: prevent bogus assert when trying to remove non-existent attribute 2011-06-23 22:13:51 -05:00
aio.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
anon_inodes.c sanitize vfsmount refcounting changes 2011-01-16 13:47:07 -05:00
attr.c Cache xattr security drop check for write v2 2011-05-28 12:02:09 -04:00
bad_inode.c bad_inode_permission() is safe from RCU mode 2011-06-20 10:44:00 -04:00
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c brk: COMPAT_BRK: fix detection of randomized brk 2011-04-14 16:06:55 -07:00
binfmt_em86.c
binfmt_flat.c CRED: Fix load_flat_shared_library() to initialise bprm correctly 2011-05-03 10:10:51 +10:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c block: Require subsystems to explicitly allocate bio_set integrity mempool 2011-03-17 11:11:05 +01:00
bio.c block: improve the bio_add_page() and bio_add_pc_page() descriptions 2011-05-28 14:44:46 +02:00
block_dev.c block: use the passed in @bdev when claiming if partno is zero 2011-06-13 12:45:48 +02:00
buffer.c vfs: Fix data corruption after failed write in __block_write_begin() 2011-06-16 11:44:46 -04:00
char_dev.c Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
compat_binfmt_elf.c
compat_ioctl.c
compat.c exec: unify do_execve/compat_do_execve code 2011-04-09 15:53:56 +02:00
dcache.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
dcookies.c oprofile, dcookies: Fix possible circular locking dependency 2011-05-31 16:33:35 +02:00
direct-io.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
drop_caches.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
eventfd.c Docbook: add fs/eventfd.c and fix typos in it 2011-02-21 15:07:04 -08:00
eventpoll.c Fix common misspellings 2011-03-31 11:26:23 -03:00
exec.c KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring 2011-06-17 09:40:48 -07:00
fcntl.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
fhandle.c fs/fhandle.c: add <linux/personality.h> for ia64 2011-04-14 16:06:56 -07:00
fifo.c Filesystem: fifo: Fixed coding style issue. 2011-03-21 00:16:09 -04:00
file_table.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-03-16 13:26:17 -07:00
file.c vfs: avoid large kmalloc()s for the fdtable 2011-04-28 11:28:20 -07:00
filesystems.c fs: synchronize_rcu when unregister_filesystem success not failure 2011-04-17 10:42:01 -07:00
fs_struct.c sanitize vfsmount refcounting changes 2011-01-16 13:47:07 -05:00
fs-writeback.c fs: pass exact type of data dirties to ->dirty_inode 2011-05-27 07:04:40 -04:00
generic_acl.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
inode.c mm: fix assertion mapping->nrpages == 0 in end_writeback() 2011-06-27 18:00:13 -07:00
internal.h fs: move i_wb_list out from under inode_lock 2011-03-24 21:17:51 -04:00
ioctl.c vfs: cleanup do_vfs_ioctl() 2011-03-21 00:16:08 -04:00
ioprio.c
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
Kconfig.binfmt
libfs.c libfs: drop unneeded dentry_unhash 2011-05-26 07:26:50 -04:00
locks.c Merge branch 'for-2.6.39' of git://linux-nfs.org/~bfields/linux 2011-03-24 08:20:39 -07:00
Makefile Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 2011-03-16 19:01:29 -07:00
mbcache.c vmscan: change shrinker API by passing shrink_control struct 2011-05-25 08:39:26 -07:00
mpage.c mm/fs: add hooks to support cleancache 2011-05-26 10:01:43 -06:00
namei.c fix comment in generic_permission() 2011-06-20 10:45:56 -04:00
namespace.c fs/namespace.c: bound mount propagation fix 2011-05-26 07:26:44 -04:00
nfsctl.c open-style analog of vfs_path_lookup() 2011-03-14 09:15:28 -04:00
no-block.c
open.c fs: Use BUG_ON(!mnt) at dentry_open(). 2011-03-21 01:10:41 -04:00
pipe.c Fix broken "pipe: use event aware wakeups" optimization 2011-01-20 16:21:59 -08:00
pnode.c
pnode.h
posix_acl.c NFS: Prevent memory allocation failure in nfsacl_encode() 2011-01-25 15:24:47 -05:00
read_write.c fix signedness mess in rw_verify_area() on 64bit architectures 2011-01-12 20:06:58 -05:00
read_write.h
readdir.c
select.c select: remove unused MAX_SELECT_SECONDS 2011-03-21 00:16:08 -04:00
seq_file.c
signalfd.c
splice.c splice: add wakeup_pipe_readers() 2011-05-23 19:58:53 +02:00
stack.c
stat.c readlinkat(), fchownat() and fstatat() with empty relative pathnames 2011-03-15 02:21:45 -04:00
statfs.c clean statfs-like syscalls up 2011-03-14 09:15:28 -04:00
super.c more conservative S_NOSEC handling 2011-06-03 18:24:58 -04:00
sync.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
timerfd.c timerfd: Fix wakeup of processes when timer is cancelled on clock change 2011-06-14 11:46:14 +02:00
utimes.c userns: rename is_owner_or_cap to inode_owner_or_capable 2011-03-23 19:47:13 -07:00
xattr_acl.c
xattr.c Cache xattr security drop check for write v2 2011-05-28 12:02:09 -04:00