Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 35038 Details for
Bug 56479
sys-kernel/*: fchown may allow unrestricted file groupIDs modifications
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
2.6 kernel /proc filesystem missing attr check patch
2.6-proc_exploit.patch (text/plain), 1.34 KB, created by
Chris White (RETIRED)
on 2004-07-08 17:13:26 UTC
(
hide
)
Description:
2.6 kernel /proc filesystem missing attr check patch
Filename:
MIME Type:
Creator:
Chris White (RETIRED)
Created:
2004-07-08 17:13:26 UTC
Size:
1.34 KB
patch
obsolete
># This is a BitKeeper generated diff -Nru style patch. ># ># ChangeSet ># 2004/07/02 18:48:26-07:00 chrisw@osdl.org ># [PATCH] check attr updates in /proc ># ># Any proc entry with default proc_file_inode_operations allow unauthorized ># attribute updates. This is very dangerous for proc entries that rely ># solely on file permissions for open/read/write. ># ># Signed-off-by: Chris Wright <chrisw@osdl.org> ># Signed-off-by: Linus Torvalds <torvalds@osdl.org> ># ># fs/proc/generic.c ># 2004/07/02 15:47:55-07:00 chrisw@osdl.org +14 -7 ># check attr updates in /proc ># >diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c >--- a/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 >+++ b/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 >@@ -231,14 +231,21 @@ > static int proc_notify_change(struct dentry *dentry, struct iattr *iattr) > { > struct inode *inode = dentry->d_inode; >- int error = inode_setattr(inode, iattr); >- if (!error) { >- struct proc_dir_entry *de = PDE(inode); >- de->uid = inode->i_uid; >- de->gid = inode->i_gid; >- de->mode = inode->i_mode; >- } >+ struct proc_dir_entry *de = PDE(inode); >+ int error; > >+ error = inode_change_ok(inode, iattr); >+ if (error) >+ goto out; >+ >+ error = inode_setattr(inode, iattr); >+ if (error) >+ goto out; >+ >+ de->uid = inode->i_uid; >+ de->gid = inode->i_gid; >+ de->mode = inode->i_mode; >+out: > return error; > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 56479
:
35037
| 35038 |
35039
|
35040