diff options
| author |   Eric Biggers <ebiggers@google.com> | 2017-09-18 11:38:29 -0700 |
|---|---|---|
| committer |   David Howells <dhowells@redhat.com> | 2017-09-25 15:19:57 +0100 |
| commit | 4aa68e07d845562561f5e73c04aa521376e95252 (patch) | |
| tree | d8ca3fbc77070caa26fd327fd5d7e21a322add34 /tools/perf/scripts/python/call-graph-from-sql.py | |
| parent | KEYS: reset parent each time before searching key_user_tree (diff) | |
| download | wireguard-linux-4aa68e07d845562561f5e73c04aa521376e95252.tar.xz wireguard-linux-4aa68e07d845562561f5e73c04aa521376e95252.zip | |
KEYS: restrict /proc/keys by credentials at open time
When checking for permission to view keys whilst reading from
/proc/keys, we should use the credentials with which the /proc/keys file
was opened. This is because, in a classic type of exploit, it can be
possible to bypass checks for the *current* credentials by passing the
file descriptor to a suid program.
Following commit 34dbbcdbf633 ("Make file credentials available to the
seqfile interfaces") we can finally fix it. So let's do it.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions