Home Home > GIT Browse
diff options
authorLinus Torvalds <torvalds@osdl.org>2006-07-14 23:59:02 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2006-07-14 19:35:20 -0700
commit4a7ac3ab06932949d3069c1811f6f2a310f656c4 (patch)
parent4f9619cdd90ac846fa0ca6e9e8a9d87a0d6b4f57 (diff)
[PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)
Fix nasty /proc vulnerability We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6cc77dc3f3ff..5a8b89a8a467 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1404,6 +1404,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
} else {
inode->i_uid = 0;
inode->i_gid = 0;
+ inode->i_mode = 0;
security_task_to_inode(task, inode);
return 1;