From: Linus Torvalds Date: Fri, 14 Jul 2006 23:51:34 +0000 (-0700) Subject: Fix nasty /proc vulnerability X-Git-Tag: v2.6.18-rc2~80 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3;p=linux-2.6 Fix nasty /proc vulnerability We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds --- diff --git a/fs/proc/base.c b/fs/proc/base.c index 243a94af04..0cb8f20d00 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1338,6 +1338,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd) } else { inode->i_uid = 0; inode->i_gid = 0; + inode->i_mode = 0; } security_task_to_inode(task, inode); put_task_struct(task);