microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/fs
История
Kalesh Singh 62cbb09899 procfs: prevent unprivileged processes accessing fdinfo dir 
[ Upstream commit 1927e498ae ]

The file permissions on the fdinfo dir from were changed from
S_IRUSR|S_IXUSR to S_IRUGO|S_IXUGO, and a PTRACE_MODE_READ check was added
for opening the fdinfo files [1].  However, the ptrace permission check
was not added to the directory, allowing anyone to get the open FD numbers
by reading the fdinfo directory.

Add the missing ptrace permission check for opening the fdinfo directory.

[1] https://lkml.kernel.org/r/20210308170651.919148-1-kaleshsingh@google.com

Link: https://lkml.kernel.org/r/20210713162008.1056986-1-kaleshsingh@google.com
Fixes: 7bc3fa0172 ("procfs: allow reading fdinfo with PTRACE_MODE_READ")
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Hridya Valsaraju <hridya@google.com>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-05-18 10:26:50 +02:00
..
9p Revert "fs/9p: search open fids first" 2022-02-08 18:34:04 +01:00
adfs
affs
afs afs: Fix mmap 2021-12-22 09:32:45 +01:00
autofs autofs: fix wait name hash calculation in autofs_wait() 2021-10-20 21:09:02 -04:00
befs
bfs
btrfs btrfs: always log symlinks in full mode 2022-05-12 12:30:20 +02:00
cachefiles
ceph ceph: fix possible NULL pointer dereference for req->r_session 2022-05-09 09:14:30 +02:00
cifs cifs: destage any unwritten data to the server before calling copychunk_write 2022-05-09 09:14:40 +02:00
coda
configfs configfs: fix a race in configfs_{,un}register_subsystem() 2022-03-02 11:48:02 +01:00
cramfs
crypto fscrypt: allow 256-bit master keys with AES-256-XTS 2021-11-18 19:16:11 +01:00
debugfs debugfs: lockdown: Allow reading debugfs files that are not world readable 2022-01-27 11:03:55 +01:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-02-01 17:27:01 +01:00
dlm fs: dlm: filter user dlm messages for kernel locks 2022-01-27 11:04:23 +01:00
ecryptfs
efivarfs
efs
erofs iomap: Add done_before argument to iomap_dio_rw 2022-05-01 17:22:32 +02:00
exfat exfat: fix i_blocks for files truncated over 4 GiB 2022-03-08 19:12:32 +01:00
exportfs
ext2 ext2: correct max file size computing 2022-04-08 14:23:35 +02:00
ext4 ext4: fix bug_on in start_this_handle during umount filesystem 2022-05-09 09:14:39 +02:00
f2fs iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable 2022-05-01 17:22:28 +02:00
fat linux-kselftest-kunit-5.15-rc1 2021-09-02 12:32:12 -07:00
freevxfs
fscache fscache: Remove an unused static variable 2021-10-04 22:13:12 +01:00
fuse iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable 2022-05-01 17:22:28 +02:00
gfs2 gfs2: No short reads or writes upon glock contention 2022-05-09 09:14:39 +02:00
hfs
hfsplus
hostfs
hpfs
hugetlbfs mm, hugetlb: allow for "high" userspace addresses 2022-04-27 14:38:57 +02:00
iomap iomap: Add done_before argument to iomap_dio_rw 2022-05-01 17:22:32 +02:00
isofs isofs: Fix out of bound access for corrupted isofs image 2021-11-12 15:05:50 +01:00
jbd2 jbd2: fix a potential race while discarding reserved buffers after an abort 2022-04-27 14:39:02 +02:00
jffs2 jffs2: fix memory leak in jffs2_scan_medium 2022-04-08 14:22:53 +02:00
jfs jfs: prevent NULL deref in diFree 2022-04-13 20:59:13 +02:00
kernfs kernfs: don't create a negative dentry if inactive node exists 2021-10-04 10:27:18 +02:00
ksmbd ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION 2022-05-09 09:14:40 +02:00
lockd lockd: fix failure to cleanup client locks 2022-02-05 12:38:57 +01:00
minix minix: fix bug when opening a file with O_DIRECT 2022-04-13 20:59:10 +02:00
netfs netfs: fix parameter of cleanup() 2021-12-29 12:28:59 +01:00
nfs nfs: fix broken handling of the softreval mount option 2022-05-18 10:26:49 +02:00
nfs_common nfs: Fix kerneldoc warning shown up by W=1 2021-10-04 22:02:17 +01:00
nfsd NFSD: Fix nfsd_breaker_owns_lease() return values 2022-04-08 14:23:57 +02:00
nilfs2 Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
nls
notify fanotify: Fix stale file descriptor in copy_event_to_user() 2022-02-05 12:38:59 +01:00
ntfs iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable 2022-05-01 17:22:28 +02:00
ntfs3 iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable 2022-05-01 17:22:28 +02:00
ocfs2 ocfs2: fix crash when mount with quota enabled 2022-04-08 14:22:56 +02:00
omfs
openpromfs
orangefs orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() 2022-01-20 09:13:13 +01:00
overlayfs ovl: fix NULL pointer dereference in copy up warning 2022-02-05 12:38:59 +01:00
proc procfs: prevent unprivileged processes accessing fdinfo dir 2022-05-18 10:26:50 +02:00
pstore pstore: Don't use semaphores in always-atomic-context code 2022-04-08 14:23:01 +02:00
qnx4 qnx4: work around gcc false positive warning bug 2021-09-21 08:36:48 -07:00
qnx6
quota quota: make dquot_quota_sync return errors from ->sync_fs 2022-02-23 12:03:06 +01:00
ramfs
reiserfs Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
romfs
smbfs_common cifs: Fix crash on unload of cifs_arc4.ko 2021-12-14 10:57:12 +01:00
squashfs
sysfs
sysv
tracefs tracefs: Set the group ownership in apply_options() not parse_options() 2022-03-02 11:48:05 +01:00
ubifs ubifs: rename_whiteout: correct old_dir size computing 2022-04-08 14:24:08 +02:00
udf udf: Avoid using stale lengthOfImpUse 2022-05-15 20:18:52 +02:00
ufs
unicode
vboxsf vboxfs: fix broken legacy mount signature checking 2021-09-27 11:26:21 -07:00
verity fs-verity: fix signed integer overflow with i_size near S64_MAX 2021-09-22 10:56:34 -07:00
xfs iomap: Add done_before argument to iomap_dio_rw 2022-05-01 17:22:32 +02:00
zonefs zonefs: Clear inode information flags on inode creation 2022-05-09 09:14:41 +02:00
Kconfig 4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate 2021-09-12 10:10:21 -07:00
Kconfig.binfmt
Makefile 4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate 2021-09-12 10:10:21 -07:00
aio.c aio: Fix incorrect usage of eventfd_signal_allowed() 2021-12-14 10:57:22 +01:00
anon_inodes.c
attr.c fs: handle circular mappings correctly 2021-11-25 09:48:46 +01:00
bad_inode.c
binfmt_aout.c binfmt: a.out: Fix bogus semicolon 2021-09-05 10:15:05 -07:00
binfmt_elf.c coredump: Use the vma snapshot in fill_files_note 2022-04-08 14:24:18 +02:00
binfmt_elf_fdpic.c coredump: Snapshot the vmas in do_coredump 2022-04-08 14:24:17 +02:00
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
buffer.c mm: fs: fix lru_cache_disabled race in bh_lru 2022-04-08 14:22:54 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c coredump: Use the vma snapshot in fill_files_note 2022-04-08 14:24:18 +02:00
d_path.c d_path: make 'prepend()' fill up the buffer exactly on overflow 2021-09-02 10:07:29 -07:00
dax.c
dcache.c
direct-io.c
drop_caches.c fs: drop_caches: fix skipping over shadow cache inodes 2021-09-03 09:58:10 -07:00
eventfd.c eventfd: Export eventfd_wake_count to modules 2021-09-06 07:20:56 -04:00
eventpoll.c ARM development updates for 5.15: 2021-09-09 13:25:49 -07:00
exec.c exec: Force single empty string when argv is empty 2022-04-08 14:23:01 +02:00
fcntl.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
fhandle.c
file.c fs: fix fd table size alignment properly 2022-04-08 14:23:54 +02:00
file_table.c
filesystems.c
fs-writeback.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
fs_context.c vfs: fs_context: fix up param length parsing in legacy_parse_param 2022-01-20 09:13:14 +01:00
fs_parser.c namei: Standardize callers of filename_lookup() 2021-09-07 16:07:47 -04:00
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c fs: export an inode_update_time helper 2021-11-25 09:49:08 +01:00
internal.h block: simplify the block device syncing code 2022-04-27 14:38:50 +02:00
io-wq.c io-wq: drop wqe lock before creating new worker 2021-12-22 09:32:51 +01:00
io-wq.h
io_uring.c io_uring: check reserved fields for recv/recvmsg 2022-05-09 09:14:38 +02:00
ioctl.c
kernel_read_file.c vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-18 20:22:03 -10:00
libfs.c
locks.c Revert "memcg: enable accounting for file lock caches" 2021-09-07 11:21:48 -07:00
mbcache.c
mount.h
mpage.c
namei.c VFS: filename_create(): fix incorrect intent. 2022-04-27 14:38:57 +02:00
namespace.c fs/mount_setattr: always cleanup mount_kattr 2022-01-05 12:42:39 +01:00
no-block.c
nsfs.c
open.c mm, thp: fix incorrect unmap behavior for private pages 2021-11-18 19:17:17 +01:00
pipe.c watch_queue: Fix lack of barrier/sync/lock between post and read 2022-03-16 14:23:44 +01:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
remap_range.c
select.c select: Fix indefinitely sleeping task in poll_schedule_timeout() 2022-01-29 10:58:25 +01:00
seq_file.c
signalfd.c signalfd: use wake_up_pollfree() 2021-12-14 10:57:15 +01:00
splice.c
stack.c
stat.c stat: fix inconsistency between struct stat and struct compat_stat 2022-04-27 14:38:57 +02:00
statfs.c
super.c vfs: make freeze_super abort when sync_filesystem returns error 2022-02-23 12:03:05 +01:00
sync.c vfs: make sync_filesystem return errors from ->sync_fs 2022-04-27 14:38:50 +02:00
timerfd.c
userfaultfd.c userfaultfd: fix a race between writeprotect and exit_mmap() 2021-10-18 20:22:02 -10:00
utimes.c
xattr.c