diff options
| author |   Christian Brauner <brauner@kernel.org> | 2025-02-12 12:24:28 +0100 |
|---|---|---|
| committer | Christian Brauner <brauner@kernel.org> | 2025-02-12 12:24:28 +0100 |
| commit | 240189294fbc9550f5cd7ae9b446ad3cf3c5386a (patch) | |
| tree | ea319503941c20f2f91a91796695a760a73df662 /net/lapb/lapb_timer.c | |
| parent | Linux 6.14-rc2 (diff) | |
| parent | acct: block access to kernel internal filesystems (diff) | |
| download | wireguard-linux-240189294fbc9550f5cd7ae9b446ad3cf3c5386a.tar.xz wireguard-linux-240189294fbc9550f5cd7ae9b446ad3cf3c5386a.zip | |
Merge patch series "acct: don't allow access to internal filesystems"
Christian Brauner <brauner@kernel.org> says:
In [1] it was reported that the acct(2) system call can be used to
trigger a NULL deref in cases where it is set to write to a file that
triggers an internal lookup.
This can e.g., happen when pointing acct(2) to /sys/power/resume. At the
point the where the write to this file happens the calling task has
already exited and called exit_fs() but an internal lookup might be
triggered through lookup_bdev(). This may trigger a NULL-deref
when accessing current->fs.
This series does two things:
- Reorganize the code so that the the final write happens from the
workqueue but with the caller's credentials. This preserves the
(strange) permission model and has almost no regression risk.
- Block access to kernel internal filesystems as well as procfs and
sysfs in the first place.
This api should stop to exist imho.
Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com [1]
* patches from https://lore.kernel.org/r/20250211-work-acct-v1-0-1c16aecab8b3@kernel.org:
acct: block access to kernel internal filesystems
acct: perform last write from workqueue
Link: https://lore.kernel.org/r/20250211-work-acct-v1-0-1c16aecab8b3@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'net/lapb/lapb_timer.c')
0 files changed, 0 insertions, 0 deletions