diff options
author | Eric Biggers <ebiggers@google.com> | 2017-09-18 11:38:29 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-03-19 13:14:08 +0100 |
commit | ccc2aae5c4df7c6830b79280bf6fd1bf57dd5a72 (patch) | |
tree | d47845d02340aecfc00db380c25fce090c2414d2 /net | |
parent | 45eaae2527707aaf871821eaccc5cbf9d3b841b2 (diff) |
KEYS: restrict /proc/keys by credentials at open time
commit 4aa68e07d845562561f5e73c04aa521376e95252 upstream.
When checking for permission to view keys whilst reading from
/proc/keys, we should use the credentials with which the /proc/keys file
was opened. This is because, in a classic type of exploit, it can be
possible to bypass checks for the *current* credentials by passing the
file descriptor to a suid program.
Following commit 34dbbcdbf633 ("Make file credentials available to the
seqfile interfaces") we can finally fix it. So let's do it.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions