Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-10 15:10:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/fs
History
Hugh Dickins 7c2c7d9930 fix setuid sometimes wouldn't 
check_unsafe_exec() also notes whether the fs_struct is being
shared by more threads than will get killed by the exec, and if so
sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid.
But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient
use of get_fs_struct(), which also raises that sharing count.

This might occasionally cause a setuid program not to change euid,
in the same way as happened with files->count (check_unsafe_exec
also looks at sighand->count, but /proc doesn't raise that one).

We'd prefer exec not to unshare fs_struct: so fix this in procfs,
replacing get_fs_struct() by get_fs_path(), which does path_get
while still holding task_lock, instead of raising fs->count.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
___

 fs/proc/base.c |   50 +++++++++++++++--------------------------------
 1 file changed, 16 insertions(+), 34 deletions(-)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-28 17:30:00 -07:00
..
9p
vfs: simple_set_mnt() should return void
2009-03-27 14:44:03 -04:00
adfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
affs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
afs
constify dentry_operations: AFS
2009-03-27 14:44:00 -04:00
autofs
constify dentry_operations: autofs, autofs4
2009-03-27 14:44:00 -04:00
autofs4
constify dentry_operations: autofs, autofs4
2009-03-27 14:44:00 -04:00
befs
fs/Kconfig: move befs out
2009-01-22 13:15:57 +03:00
bfs
fs/Kconfig: move bfs out
2009-01-22 13:15:57 +03:00
btrfs
btrfs: get rid of current_is_pdflush() in btrfs_btree_balance_dirty
2009-03-26 11:01:35 +01:00
cifs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
coda
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
configfs
constify dentry_operations: configfs
2009-03-27 14:44:03 -04:00
cramfs
fs/Kconfig: move cramfs out
2009-01-22 13:15:58 +03:00
debugfs
debugfs: add helpers for exporting a size_t simple value
2009-01-07 10:00:16 -08:00
devpts
Merge code for single and multiple-instance mounts
2009-03-27 14:44:04 -04:00
dlm
dlm: fix length calculation in compat code
2009-03-11 12:23:59 -05:00
ecryptfs
constify dentry_operations: ecryptfs
2009-03-27 14:44:01 -04:00
efs
fs/Kconfig: move efs out
2009-01-22 13:15:57 +03:00
exportfs
Merge branch 'next' into for-linus
2008-12-25 11:40:09 +11:00
ext2
ext2: Zero our b_size in ext2_quota_read()
2009-03-26 02:18:38 +01:00
ext3
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6
2009-03-27 14:48:34 -07:00
ext4
ext4: Use lowercase names of quota functions
2009-03-26 02:18:36 +01:00
fat
constify dentry_operations: FAT
2009-03-27 14:44:01 -04:00
freevxfs
fs/Kconfig: move vxfs out
2009-01-22 13:15:58 +03:00
fuse
constify dentry_operations: FUSE
2009-03-27 14:44:01 -04:00
gfs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
hfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hfsplus
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hostfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hpfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hppfs
CRED: Use creds in file structs
2008-11-14 10:39:25 +11:00
hugetlbfs
Do not account for the address space used by hugetlbfs using VM_ACCOUNT
2009-02-10 10:48:42 -08:00
isofs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
jbd
jbd: fix return value of journal_start_commit()
2009-02-11 14:25:35 -08:00
jbd2
jbd2: Avoid possible NULL dereference in jbd2_journal_begin_ordered_truncate()
2009-02-10 11:15:34 -05:00
jffs2
[JFFS2] fix mount crash caused by removed nodes
2009-02-21 11:09:29 +01:00
jfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
lockd
NLM: Fix GRANT callback address comparison when IPv6 is enabled
2009-03-10 20:33:20 -04:00
minix
Update my email address
2009-03-22 11:28:37 -07:00
ncpfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
nfs
constify dentry_operations: NFS
2009-03-27 14:43:59 -04:00
nfs_common
SUNRPC: nfsacl_encode/nfsacl_decode should be exported as GPL-only
2008-12-23 15:21:32 -05:00
nfsd
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6
2009-03-27 14:48:34 -07:00
nls
remove CONFIG_KMOD from fs
2008-10-17 02:38:36 +11:00
notify
fs: avoid I_NEW inodes
2009-03-27 14:44:05 -04:00
ntfs
fs/Kconfig: move ntfs out
2009-01-22 13:15:55 +03:00
ocfs2
constify dentry_operations: OCFS2
2009-03-27 14:44:02 -04:00
omfs
fs/Kconfig: move omfs out
2009-01-22 13:15:58 +03:00
openpromfs
zero i_uid/i_gid on inode allocation
2009-01-05 11:54:28 -05:00
partitions
Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
2009-03-26 16:04:22 -07:00
proc
fix setuid sometimes wouldn't
2009-03-28 17:30:00 -07:00
qnx4
fs/Kconfig: move qnx4 out
2009-01-22 13:15:59 +03:00
quota
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
ramfs
ramfs: Remove quota call
2009-03-26 02:18:35 +01:00
reiserfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
romfs
fs/Kconfig: move romfs out
2009-01-22 13:15:59 +03:00
smbfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
squashfs
Squashfs: Valid filesystems are flagged as bad by the corrupted fs patch
2009-03-12 03:23:48 +00:00
sysfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
sysv
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
ubifs
vfs: simple_set_mnt() should return void
2009-03-27 14:44:03 -04:00
udf
udf: Use lowercase names of quota functions
2009-03-26 02:18:36 +01:00
ufs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
xfs
xfs: only issues a cache flush on unmount if barriers are enabled
2009-03-06 17:35:12 -06:00
aio.c
aio: lookup_ioctx can return the wrong value when looking up a bogus context
2009-03-19 15:57:18 -07:00
anon_inodes.c
constify dentry_operations: rest
2009-03-27 14:44:03 -04:00
attr.c
vfs: Use lowercase names of quota functions
2009-03-26 02:18:35 +01:00
bad_inode.c
kill ->dir_notify()
2008-12-31 18:07:43 -05:00
binfmt_aout.c
sanitize ifdefs in binfmt_aout
2009-01-03 11:45:54 -08:00
binfmt_elf_fdpic.c
FDPIC: Don't attempt to expand the userspace stack to fill the space allocated
2009-01-08 12:04:47 +00:00
binfmt_elf.c
elf core dump: fix get_user use
2009-02-06 17:34:07 -08:00
binfmt_em86.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_flat.c
FLAT: Don't attempt to expand the userspace stack to fill the space allocated
2009-01-08 12:04:47 +00:00
binfmt_misc.c
fs/binfmt_misc.c: add terminating newline to /proc/sys/fs/binfmt_misc/status
2009-01-06 15:59:19 -08:00
binfmt_script.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_som.c
CRED: Make execve() take advantage of copy-on-write credentials
2008-11-14 10:39:24 +11:00
bio-integrity.c
block: add private bio_set for bio integrity allocations
2009-03-24 12:35:17 +01:00
bio.c
block: add private bio_set for bio integrity allocations
2009-03-24 12:35:17 +01:00
block_dev.c
fs: move bdev code out of buffer.c
2009-03-27 14:44:03 -04:00
buffer.c
fs: move bdev code out of buffer.c
2009-03-27 14:44:03 -04:00
char_dev.c
fs: fix name overwrite in __register_chrdev_region()
2009-01-06 15:59:13 -08:00
compat_binfmt_elf.c
compat_ioctl.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2009-03-01 21:35:16 -08:00
compat.c
fix setuid sometimes doesn't
2009-03-28 17:30:00 -07:00
dcache.c
cleanup d_add_ci
2009-03-27 14:43:57 -04:00
dcookies.c
[CVE-2009-0029] System call wrapper special cases
2009-01-14 14:15:18 +01:00
direct-io.c
fs: truncate blocks outside i_size after O_DIRECT write error
2009-01-06 15:59:06 -08:00
drop_caches.c
fs: avoid I_NEW inodes
2009-03-27 14:44:05 -04:00
eventfd.c
[CVE-2009-0029] System call wrappers part 32
2009-01-14 14:15:31 +01:00
eventpoll.c
Rename struct file->f_ep_lock
2009-03-16 08:32:27 -06:00
exec.c
fix setuid sometimes doesn't
2009-03-28 17:30:00 -07:00
fcntl.c
Rationalize fasync return values
2009-03-16 08:34:35 -06:00
fifo.c
[PATCH] introduce fmode_t, do annotations
2008-10-21 07:47:06 -04:00
file_table.c
Merge branch 'bkl-removal' of git://git.lwn.net/linux-2.6
2009-03-26 16:14:02 -07:00
file.c
[PATCH] merge locate_fd() and get_unused_fd()
2008-08-01 11:25:23 -04:00
filesystems.c
[CVE-2009-0029] System call wrappers part 27
2009-01-14 14:15:29 +01:00
fs-writeback.c
fs: new inode i_state corruption fix
2009-03-12 16:20:24 -07:00
generic_acl.c
inode.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
internal.h
fix setuid sometimes doesn't
2009-03-28 17:30:00 -07:00
ioctl.c
Rationalize fasync return values
2009-03-16 08:34:35 -06:00
ioprio.c
[CVE-2009-0029] System call wrappers part 28
2009-01-14 14:15:30 +01:00
Kconfig
quota: Move quota files into separate directory
2009-03-26 02:18:35 +01:00
Kconfig.binfmt
CORE_DUMP_DEFAULT_ELF_HEADERS depends on ELF_CORE
2009-01-09 16:54:41 -08:00
libfs.c
vfs: simple_set_mnt() should return void
2009-03-27 14:44:03 -04:00
locks.c
[CVE-2009-0029] System call wrappers part 16
2009-01-14 14:15:25 +01:00
Makefile
quota: Move quota files into separate directory
2009-03-26 02:18:35 +01:00
mbcache.c
mpage.c
do_mpage_readpage(): remove useless clear_buffer_mapped() call
2009-01-06 15:59:01 -08:00
namei.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
namespace.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
nfsctl.c
[CVE-2009-0029] System call wrappers part 27
2009-01-14 14:15:29 +01:00
no-block.c
open.c
vfs: Use lowercase names of quota functions
2009-03-26 02:18:35 +01:00
pipe.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
pnode.c
pnode.h
posix_acl.c
CRED: Wrap task credential accesses in the filesystem subsystem
2008-11-14 10:39:05 +11:00
read_write.c
[CVE-2009-0029] System call wrappers part 20
2009-01-14 14:15:26 +01:00
read_write.h
readdir.c
[CVE-2009-0029] System call wrappers part 32
2009-01-14 14:15:31 +01:00
select.c
[CVE-2009-0029] System call wrappers part 32
2009-01-14 14:15:31 +01:00
seq_file.c
seq_file: properly cope with pread
2009-02-18 15:37:53 -08:00
signalfd.c
[CVE-2009-0029] System call wrappers part 31
2009-01-14 14:15:31 +01:00
splice.c
[CVE-2009-0029] System call wrappers part 31
2009-01-14 14:15:31 +01:00
stack.c
stat.c
[CVE-2009-0029] System call wrappers part 30
2009-01-14 14:15:30 +01:00
super.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
sync.c
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6
2009-03-27 14:48:34 -07:00
timerfd.c
timerfd: add flags check
2009-02-18 15:37:53 -08:00
utimes.c
[CVE-2009-0029] System call wrappers part 30
2009-01-14 14:15:30 +01:00
xattr_acl.c
xattr.c
[CVE-2009-0029] System call wrappers part 13
2009-01-14 14:15:23 +01:00