diff options
| author |   Hugh Dickins <hugh@veritas.com> | 2009-03-28 23:21:27 +0000 |
|---|---|---|
| committer |   Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-28 17:30:00 -0700 |
| commit | 7c2c7d993044cddc5010f6f429b100c63bc7dffb (patch) | |
| tree | b92a6daf7c11f9a53de6fed07512fe02cd5b4a68 /net/unix/af_unix.c | |
| parent | fix setuid sometimes doesn't (diff) | |
| download | wireguard-linux-7c2c7d993044cddc5010f6f429b100c63bc7dffb.tar.xz wireguard-linux-7c2c7d993044cddc5010f6f429b100c63bc7dffb.zip | |
fix setuid sometimes wouldn't
check_unsafe_exec() also notes whether the fs_struct is being
shared by more threads than will get killed by the exec, and if so
sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid.
But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient
use of get_fs_struct(), which also raises that sharing count.
This might occasionally cause a setuid program not to change euid,
in the same way as happened with files->count (check_unsafe_exec
also looks at sighand->count, but /proc doesn't raise that one).
We'd prefer exec not to unshare fs_struct: so fix this in procfs,
replacing get_fs_struct() by get_fs_path(), which does path_get
while still holding task_lock, instead of raising fs->count.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
___
fs/proc/base.c | 50 +++++++++++++++--------------------------------
1 file changed, 16 insertions(+), 34 deletions(-)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions