leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
293eb1e777
linux/fs
History
Vasiliy Kulikov 293eb1e777 proc: fix a race in do_io_accounting() 
If an inode's mode permits opening /proc/PID/io and the resulting file
descriptor is kept across execve() of a setuid or similar binary, the
ptrace_may_access() check tries to prevent using this fd against the
task with escalated privileges.

Unfortunately, there is a race in the check against execve().  If
execve() is processed after the ptrace check, but before the actual io
information gathering, io statistics will be gathered from the
privileged process.  At least in theory this might lead to gathering
sensible information (like ssh/ftp password length) that wouldn't be
available otherwise.

Holding task->signal->cred_guard_mutex while gathering the io
information should protect against the race.

The order of locking is similar to the one inside of ptrace_attach():
first goes cred_guard_mutex, then lock_task_sighand().

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-07-26 16:49:43 -07:00
..
9p p9: avoid unused variable warning 2011-07-25 23:43:53 -07:00
adfs
affs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
afs AFS: Fix silly characters in a comment 2011-07-20 20:48:03 -04:00
autofs4 autofs4: bogus dentry_unhash() added in ->unlink() 2011-05-30 01:50:53 -04:00
befs
bfs bfs: remove unnecessary dentry_unhash on dir rename 2011-05-28 01:02:50 -04:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/writeback 2011-07-26 10:39:54 -07:00
cachefiles kill useless checks for sb->s_op == NULL 2011-07-20 01:44:21 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2011-07-26 13:38:50 -07:00
cifs Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2011-07-26 11:11:28 -07:00
coda fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
configfs configfs: remove unnecessary dentry_unhash on rmdir, dir rename 2011-05-28 01:02:54 -04:00
cramfs cramfs: get_cramfs_inode() returns ERR_PTR() on failure 2011-07-17 23:22:02 -04:00
debugfs
devpts
dlm Merge branch 'for-3.1' of git://linux-nfs.org/~bfields/linux 2011-07-25 22:49:19 -07:00
ecryptfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-07-25 13:56:39 -07:00
efs make d_splice_alias(ERR_PTR(err), dentry) = ERR_PTR(err) 2011-07-20 01:44:26 -04:00
exofs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
exportfs
ext2 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2011-07-26 11:34:40 -07:00
ext3 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2011-07-26 11:34:40 -07:00
ext4 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/writeback 2011-07-26 10:39:54 -07:00
fat fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
freevxfs
fscache FS-Cache: Fix __fscache_uncache_all_inode_pages()'s outer loop 2011-07-21 10:59:16 -07:00
fuse Merge branch 'for-3.1' of git://linux-nfs.org/~bfields/linux 2011-07-25 22:49:19 -07:00
gfs2 fs: take the ACL checks to common code 2011-07-25 14:30:23 -04:00
hfs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
hfsplus Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-07-22 19:02:39 -07:00
hostfs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
hpfs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
hppfs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
hugetlbfs Merge 'akpm' patch series 2011-07-25 21:00:19 -07:00
isofs isofs: Remove global fs lock 2011-07-22 19:42:12 -04:00
jbd jbd: Use WRITE_SYNC in journal checkpoint. 2011-06-28 00:06:41 +02:00
jbd2 jbd2: Fix oops in jbd2_journal_remove_journal_head() 2011-06-13 15:38:22 -04:00
jffs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-07-25 13:56:39 -07:00
jfs fs: take the ACL checks to common code 2011-07-25 14:30:23 -04:00
lockd locks: rename lock-manager ops 2011-07-20 20:23:19 -04:00
logfs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
minix minix_getattr(): don't bother with ->d_parent 2011-07-20 20:47:53 -04:00
ncpfs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
nfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/writeback 2011-07-26 10:39:54 -07:00
nfs_common
nfsd Merge branch 'for-3.1' of git://linux-nfs.org/~bfields/linux 2011-07-25 22:49:19 -07:00
nilfs2 fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
nls
notify
ntfs fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
ocfs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-07-25 13:56:39 -07:00
omfs Remove unneeded version.h includes from fs/ 2011-06-24 08:34:22 -07:00
openpromfs
partitions Merge branch 'for-linus' into for-3.1/core 2011-07-01 16:17:13 +02:00
proc proc: fix a race in do_io_accounting() 2011-07-26 16:49:43 -07:00
pstore
qnx4
quota
ramfs
reiserfs Merge 'akpm' patch series 2011-07-25 21:00:19 -07:00
romfs romfs: fix romfs_get_unmapped_area() argument check 2011-06-27 18:00:12 -07:00
squashfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/pkl/squashfs-linus 2011-07-25 22:50:35 -07:00
sysfs ->permission() sanitizing: don't pass flags to ->permission() 2011-07-20 01:43:24 -04:00
sysv sysv: remove unnecessary dentry_unhash from rmdir, dir rename 2011-05-28 01:02:50 -04:00
ubifs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-07-22 19:02:39 -07:00
udf switch udf_ioctl() to inode_permission() 2011-07-20 01:43:07 -04:00
ufs make d_splice_alias(ERR_PTR(err), dentry) = ERR_PTR(err) 2011-07-20 01:44:26 -04:00
xfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-07-25 13:56:39 -07:00
aio.c
anon_inodes.c VFS : mount lock scalability for internal mounts 2011-07-24 10:08:32 -04:00
attr.c fs: move inode_dio_wait calls into ->setattr 2011-07-20 20:47:47 -04:00
bad_inode.c fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
binfmt_aout.c
binfmt_elf_fdpic.c consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling 2011-07-20 01:43:10 -04:00
binfmt_elf.c consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling 2011-07-20 01:43:10 -04:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling 2011-07-20 01:43:10 -04:00
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c block: improve the bio_add_page() and bio_add_pc_page() descriptions 2011-05-28 14:44:46 +02:00
block_dev.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/writeback 2011-07-26 10:39:54 -07:00
buffer.c vfs: Fix data corruption after failed write in __block_write_begin() 2011-06-16 11:44:46 -04:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c compat_ioctl: fix warning caused by qemu 2011-07-01 22:32:26 +02:00
compat.c nfsd: Remove deprecated nfsctl system call and related code. 2011-07-15 18:58:42 -04:00
dcache.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-07-22 19:02:39 -07:00
dcookies.c oprofile, dcookies: Fix possible circular locking dependency 2011-05-31 16:33:35 +02:00
direct-io.c fs: move inode_dio_done to the end_io handler 2011-07-20 20:47:50 -04:00
drop_caches.c
eventfd.c
eventpoll.c
exec.c do_coredump: fix the "ispipe" error check 2011-07-26 16:49:43 -07:00
fcntl.c
fhandle.c
fifo.c
file_table.c
file.c
filesystems.c
fs_struct.c
fs-writeback.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/writeback 2011-07-26 10:39:54 -07:00
generic_acl.c fs: take the ACL checks to common code 2011-07-25 14:30:23 -04:00
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/writeback 2011-07-26 10:39:54 -07:00
internal.h superblock: move pin_sb_for_writeback() to fs/super.c 2011-07-20 01:44:38 -04:00
ioctl.c
ioprio.c
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2011-05-26 09:52:14 -07:00
Kconfig.binfmt
libfs.c fix IN_DELETE_SELF on overwriting rename() on ramfs et.al. 2011-07-22 19:42:11 -04:00
locks.c locks: rename lock-manager ops 2011-07-20 20:23:19 -04:00
Makefile nfsd: Remove deprecated nfsctl system call and related code. 2011-07-15 18:58:42 -04:00
mbcache.c
mpage.c mm/fs: add hooks to support cleancache 2011-05-26 10:01:43 -06:00
namei.c vfs: fix check_acl compile error when CONFIG_FS_POSIX_ACL is not set 2011-07-25 22:47:03 -07:00
namespace.c VFS : mount lock scalability for internal mounts 2011-07-24 10:08:32 -04:00
no-block.c
open.c vfs: use ERR_CAST for err-ptr tossing in lookup_instantiate_filp 2011-07-22 19:42:13 -04:00
pipe.c VFS : mount lock scalability for internal mounts 2011-07-24 10:08:32 -04:00
pnode.c
pnode.h
posix_acl.c fs: take the ACL checks to common code 2011-07-25 14:30:23 -04:00
read_write.c fs: add SEEK_HOLE and SEEK_DATA flags 2011-07-20 20:47:56 -04:00
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c tmpfs: clone shmem_file_splice_read() 2011-07-25 20:57:11 -07:00
stack.c
stat.c
statfs.c
super.c Merge branch 'for-3.1/core' of git://git.kernel.dk/linux-block 2011-07-25 10:33:36 -07:00
sync.c fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers 2011-07-20 20:47:59 -04:00
timerfd.c timerfd: Fix wakeup of processes when timer is cancelled on clock change 2011-06-14 11:46:14 +02:00
utimes.c
xattr_acl.c
xattr.c Cache xattr security drop check for write v2 2011-05-28 12:02:09 -04:00