Re: [PATCH] proc: Track /proc/$pid/attr/ opener mm_struct

On Tue, Jun 08, 2021 at 10:12:21AM -0700, Kees Cook wrote:
> Commit bfb819ea20ce ("proc: Check /proc/$pid/attr/ writes against file opener")
> tried to make sure that there could not be a confusion between the opener of
> a /proc/$pid/attr/ file and the writer. It used struct cred to make sure
> the privileges didn't change. However, there were existing cases where a more
> privileged thread was passing the opened fd to a differently privileged thread
> (during container setup). Instead, use mm_struct to track whether the opener
> and writer are still the same process. (This is what several other proc files
> already do, though for different reasons.)
> 
> Reported-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> Reported-by: Andrea Righi <andrea.righi@xxxxxxxxxxxxx>
> Tested-by: Andrea Righi <andrea.righi@xxxxxxxxxxxxx>
> Fixes: bfb819ea20ce ("proc: Check /proc/$pid/attr/ writes against file opener")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---

Thanks!
Acked-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
