Attachment 35038 Details for Bug 56479 – 2.6 kernel /proc filesystem missing attr check patch

[patch] 2.6 kernel /proc filesystem missing attr check patch

2.6-proc_exploit.patch (text/plain), 1.34 KB, created by Chris White (RETIRED) on 2004-07-08 17:13:26 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Chris White (RETIRED)

Created: 2004-07-08 17:13:26 UTC

Size: 1.34 KB

patch

obsolete

># This is a BitKeeper generated diff -Nru style patch.
>#
># ChangeSet
>#   2004/07/02 18:48:26-07:00 chrisw@osdl.org 
>#   [PATCH] check attr updates in /proc
>#   
>#   Any proc entry with default proc_file_inode_operations allow unauthorized
>#   attribute updates.  This is very dangerous for proc entries that rely
>#   solely on file permissions for open/read/write.
>#   
>#   Signed-off-by: Chris Wright <chrisw@osdl.org>
>#   Signed-off-by: Linus Torvalds <torvalds@osdl.org>
># 
># fs/proc/generic.c
>#   2004/07/02 15:47:55-07:00 chrisw@osdl.org +14 -7
>#   check attr updates in /proc
># 
>diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c
>--- a/fs/proc/generic.c	2004-07-08 17:03:20 -07:00
>+++ b/fs/proc/generic.c	2004-07-08 17:03:20 -07:00
>@@ -231,14 +231,21 @@
> static int proc_notify_change(struct dentry *dentry, struct iattr *iattr)
> {
> 	struct inode *inode = dentry->d_inode;
>-	int error = inode_setattr(inode, iattr);
>-	if (!error) {
>-		struct proc_dir_entry *de = PDE(inode);
>-		de->uid = inode->i_uid;
>-		de->gid = inode->i_gid;
>-		de->mode = inode->i_mode;
>-	}
>+	struct proc_dir_entry *de = PDE(inode);
>+	int error;
> 
>+	error = inode_change_ok(inode, iattr);
>+	if (error)
>+		goto out;
>+
>+	error = inode_setattr(inode, iattr);
>+	if (error)
>+		goto out;
>+	
>+	de->uid = inode->i_uid;
>+	de->gid = inode->i_gid;
>+	de->mode = inode->i_mode;
>+out:
> 	return error;
> }
>

Actions: View | Diff

Attachments on bug 56479: 35037 | 35038 | 35039 | 35040