Skip to content

Commit

Permalink
proc: Check /proc/$pid/attr/ writes against file opener
Browse files Browse the repository at this point in the history 
Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/
files need to check the opener credentials, since these fds do not
transition state across execve(). Without this, it is possible to
trick another process (which may have different credentials) to write
to its own /proc/$pid/attr/ files, leading to unexpected and possibly
exploitable behaviors.

[1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials

Fixes: 1da177e ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Kees Cook authored and Linus Torvalds committed May 25, 2021
1 parent ad9f25d commit bfb819e
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions fs/proc/base.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2703,6 +2703,10 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
void *page;
int rv;

/* A task may only write when it was the opener. */
if (file->f_cred != current_real_cred())
return -EPERM;

rcu_read_lock();
task = pid_task(proc_pid(inode), PIDTYPE_PID);
if (!task) {
Expand Down

0 comments on commit bfb819e

Please sign in to comment.