mirror of
https://github.com/torvalds/linux.git
synced 2026-05-15 01:43:11 +02:00
7c2c7d9930
check_unsafe_exec() also notes whether the fs_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient use of get_fs_struct(), which also raises that sharing count. This might occasionally cause a setuid program not to change euid, in the same way as happened with files->count (check_unsafe_exec also looks at sighand->count, but /proc doesn't raise that one). We'd prefer exec not to unshare fs_struct: so fix this in procfs, replacing get_fs_struct() by get_fs_path(), which does path_get while still holding task_lock, instead of raising fs->count. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org ___ fs/proc/base.c | 50 +++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 34 deletions(-) Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| array.c | ||
| base.c | ||
| cmdline.c | ||
| cpuinfo.c | ||
| devices.c | ||
| generic.c | ||
| inode-alloc.txt | ||
| inode.c | ||
| internal.h | ||
| interrupts.c | ||
| Kconfig | ||
| kcore.c | ||
| kmsg.c | ||
| loadavg.c | ||
| Makefile | ||
| meminfo.c | ||
| mmu.c | ||
| nommu.c | ||
| page.c | ||
| proc_devtree.c | ||
| proc_net.c | ||
| proc_sysctl.c | ||
| proc_tty.c | ||
| root.c | ||
| stat.c | ||
| task_mmu.c | ||
| task_nommu.c | ||
| uptime.c | ||
| version.c | ||
| vmcore.c | ||