Kees Cook fb003a1bd6 proc: Check /proc/$pid/attr/ writes against file opener ... commit bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28 upstream. Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/ files need to check the opener credentials, since these fds do not transition state across execve(). Without this, it is possible to trick another process (which may have different credentials) to write to its own /proc/$pid/attr/ files, leading to unexpected and possibly exploitable behaviors. [1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials Fixes: 1da177e4c3 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2021-06-03 09:00:28 +02:00
..
array.c	seccomp: Fix CONFIG tests for Seccomp_filters	2021-05-14 09:50:24 +02:00
base.c	proc: Check /proc/$pid/attr/ writes against file opener	2021-06-03 09:00:28 +02:00
bootconfig.c
cmdline.c
consoles.c
cpuinfo.c
devices.c
fd.c
fd.h
generic.c	fs/proc/generic.c: fix incorrect pde_is_permanent check	2021-05-19 10:13:09 +02:00
inode.c
internal.h
interrupts.c
Kconfig
kcore.c
kmsg.c
loadavg.c
Makefile
meminfo.c
namespaces.c
nommu.c
page.c
proc_net.c
proc_sysctl.c	proc: use kvzalloc for our kernel buffer	2021-03-04 11:38:21 +01:00
proc_tty.c
root.c
self.c	proc: don't allow async path resolution of /proc/thread-self components	2021-03-04 11:38:42 +01:00
softirqs.c
stat.c
task_mmu.c	mm: proc: Invalidate TLB after clearing soft-dirty page state	2021-03-04 11:37:45 +01:00
task_nommu.c
thread_self.c	proc: don't allow async path resolution of /proc/thread-self components	2021-03-04 11:38:42 +01:00
uptime.c
util.c
version.c
vmcore.c