[PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)

Fix nasty /proc vulnerability We have a bad interaction with both the kernel and user space being able to change some of the /proc file status. This fixes the most obvious part of it, but I expect we'll also make it harder for users to modify even their "own" files in /proc. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Linus Torvalds <torvalds@osdl.org> 2006-07-14 23:59:02 +0000
committer: Greg Kroah-Hartman <gregkh@suse.de> 2006-07-14 19:30:51 -0700
commit: d8a2707576c2d12dd79d797a9bff3b10b3d182f7 (patch)
tree: 0c70cf2e07ab13dfe0a13e4ac6ac380d225bdbd1
parent: 407972755b44d0a18647dab1f1e62df80b6638d0 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index c192cb2af2c8..9d996746a1a6 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1366,6 +1366,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 		} else {
 			inode->i_uid = 0;
 			inode->i_gid = 0;
+			inode->i_mode = 0;
 		}
 		security_task_to_inode(task, inode);
 		return 1;
author	Linus Torvalds <torvalds@osdl.org>	2006-07-14 23:59:02 +0000
committer	Greg Kroah-Hartman <gregkh@suse.de>	2006-07-14 19:30:51 -0700
commit	d8a2707576c2d12dd79d797a9bff3b10b3d182f7 (patch)
tree	0c70cf2e07ab13dfe0a13e4ac6ac380d225bdbd1
parent	407972755b44d0a18647dab1f1e62df80b6638d0 (diff)