On Tue, May 07, 2019 at 08:04:04PM +0100, Ben Hutchings wrote:
> The timer_stats facility should filter and translate PIDs if opened
> from a non-initial PID namespace, to avoid leaking information about
> the wider system. It should also not show kernel virtual addresses.
> Unfortunately it has now been removed upstream (as redundant)
> instead of being fixed.
>
> For stable, fix the leak by restricting access to root only. A
> similar change was already made for the /proc/timer_list file.
>
> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
> ---
> --- a/kernel/time/timer_stats.c
> +++ b/kernel/time/timer_stats.c
> @@ -417,7 +417,7 @@ static int __init init_tstats_procfs(voi
> {
> struct proc_dir_entry *pe;
>
> - pe = proc_create("timer_stats", 0644, NULL, &tstats_fops);
> + pe = proc_create("timer_stats", 0600, NULL, &tstats_fops);
> if (!pe)
> return -ENOMEM;
> return 0;
Now queued up, thanks.
greg k-h
