| commit | 658a3f90a819379393ff18d97a28b55ae8ed6328 | |
| author | Vasiliy Kulikov <segoon@openwall.com> | |
| Fri, 24 Jun 2011 12:08:38 +0000 (24 16:08 +0400) | ||
| committer | Andi Kleen <ak@linux.intel.com> | |
| Mon, 1 Aug 2011 20:54:59 +0000 (1 13:54 -0700) | ||
| tree | 72cdfc7a203e37785d0ba3fdd9d9d2b2f4873ba4 | treesnapshot (tar.gz zip) |
| parent | 2d32f62fbbad8f663c26df23242113ef9464f790 | commitdiff |
proc: restrict access to /proc/PID/io
[ upstream commit 1d1221f375c94ef961ba8574ac4f85c8870ddd51 ]
/proc/PID/io may be used for gathering private information. E.g. for
openssh and vsftpd daemons wchars/rchars may be used to learn the
precise password length. Restrict it to processes being able to ptrace
the target process.
ptrace_may_access() is needed to prevent keeping open file descriptor of
"io" file, executing setuid binary and gathering io information of the
setuid'ed process.
Said to be CVE-2011-2495
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
[ upstream commit 1d1221f375c94ef961ba8574ac4f85c8870ddd51 ]
/proc/PID/io may be used for gathering private information. E.g. for
openssh and vsftpd daemons wchars/rchars may be used to learn the
precise password length. Restrict it to processes being able to ptrace
the target process.
ptrace_may_access() is needed to prevent keeping open file descriptor of
"io" file, executing setuid binary and gathering io information of the
setuid'ed process.
Said to be CVE-2011-2495
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
| fs/proc/base.c | diffblobblamehistory |