+ let-even-non-dumpable-tasks-access-proc-self-fd.patch added to -mm tree

The patch titled

     Let even non-dumpable tasks access /proc/self/fd

has been added to the -mm tree.  Its filename is

     let-even-non-dumpable-tasks-access-proc-self-fd.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this.

------------------------------------------------------
Subject: Let even non-dumpable tasks access /proc/self/fd
From: Petr Baudis <pasky@xxxxxxx>


All tasks calling setuid() from root to non-root during their lifetime will
not be able to access their /proc/self/fd.  This is troublesome because the
fstatat() and other *at() routines are emulated by accessing
/proc/self/fd/*/path and that will break with setuid()ing programs, leading
to various weird consequences (e.g.  with the latest glibc, nftw() does not
work with setuid()ing programs on ppc and furthermore causes the LSB
testsuite to fail because of this).

This kernel patch fixes the problem by letting the process access its own
/proc/self/fd - as far as I can see, this should be reasonably safe since
for the process, this does not reveal "anything new".  Feel free to comment
on this.

Signed-off-by: Petr Baudis <pasky@xxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Chris Wright <chrisw@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/proc/base.c |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff -puN fs/proc/base.c~let-even-non-dumpable-tasks-access-proc-self-fd fs/proc/base.c
--- a/fs/proc/base.c~let-even-non-dumpable-tasks-access-proc-self-fd
+++ a/fs/proc/base.c
@@ -1369,7 +1369,9 @@ static struct inode *proc_pid_make_inode
 	ei->type = ino;
 	inode->i_uid = 0;
 	inode->i_gid = 0;
-	if (ino == PROC_TGID_INO || ino == PROC_TID_INO || task_dumpable(task)) {
+	if (ino == PROC_TGID_INO || ino == PROC_TID_INO ||
+	    ((ino == PROC_TGID_FD || ino == PROC_TID_FD || ino >= PROC_TID_FD_DIR) && task == current) ||
+	    task_dumpable(task)) {
 		inode->i_uid = task->euid;
 		inode->i_gid = task->egid;
 	}
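Review bot: In the new middle clause of the proc_pid_make_inode condition, `ino >= PROC_TID_FD_DIR` is an open-ended range test that depends on how the inode-type constants are numbered, and it has no counterpart in the pid_revalidate hunk, which tests only `PROC_TGID_FD` and `PROC_TID_FD`. Please add a comment saying which entries the range is meant to cover, or bound it explicitly, and consider moving the "own fd entry" predicate into one small helper so the three call sites cannot drift apart. The added line is also well over 80 columns and should be wrapped.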
@@ -1399,7 +1401,9 @@ static int pid_revalidate(struct dentry 
 	struct inode *inode = dentry->d_inode;
 	struct task_struct *task = proc_task(inode);
 	if (pid_alive(task)) {
-		if (proc_type(inode) == PROC_TGID_INO || proc_type(inode) == PROC_TID_INO || task_dumpable(task)) {
+		if (proc_type(inode) == PROC_TGID_INO || proc_type(inode) == PROC_TID_INO ||
+		    ((proc_type(inode) == PROC_TGID_FD || proc_type(inode) == PROC_TID_FD) && task == current) ||
+		     task_dumpable(task)) {
 			inode->i_uid = task->euid;
 			inode->i_gid = task->egid;
 		} else {
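Review bot: The `task == current` test added to the pid_revalidate condition makes the owner written to `inode->i_uid` and `inode->i_gid` depend on which task happens to be revalidating, while the inode itself is shared by every task that looks up the same entry. Between one task's revalidate and another task's permission check the stored owner can therefore be the one computed for a different caller. Either document why that window is harmless for a non-dumpable task, or make the self-access decision at permission-check time instead of storing it on the inode. Minor style point: the `task_dumpable(task)) {` continuation line is indented one space further than the line above it.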
@@ -1426,7 +1430,7 @@ static int tid_fd_revalidate(struct dent
 		if (fcheck_files(files, fd)) {
 			rcu_read_unlock();
 			put_files_struct(files);
-			if (task_dumpable(task)) {
+			if (task_dumpable(task) || task == current) {
 				inode->i_uid = task->euid;
 				inode->i_gid = task->egid;
 			} else {
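Review bot: `task == current` in the tid_fd_revalidate condition compares task_struct pointers, so it holds only for the exact task the entry belongs to; another thread of the same process that reaches the entry through the group leader's directory does not match and takes the else branch. If the intent is "a process looking at its own descriptors", compare thread groups instead, for example `task->tgid == current->tgid`, and say so in a comment. The changelog's argument that self-access reveals nothing new also belongs in a comment next to this check, since the check relaxes the non-dumpable restriction and the reasoning is not visible from the code.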
_

Patches currently in -mm which might be from pasky@xxxxxxx are

let-even-non-dumpable-tasks-access-proc-self-fd.patch
