Fix nasty /proc vulnerability

We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-14 16:51:34 -07:00 · 2006-07-14 16:51:34 -07:00 · 18b0bbd8ca
parent ab6cf0d0cb
commit 18b0bbd8ca
1 changed files with 1 additions and 0 deletions
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@ -1338,6 +1338,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 		} else {
 			inode->i_uid = 0;
 			inode->i_gid = 0;
+			inode->i_mode = 0;
 		}
 		security_task_to_inode(task, inode);
 		put_task_struct(task);