Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-09 22:50:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/fs/proc
History
Kees Cook 5883f57ca0 proc: protect mm start_code/end_code in /proc/pid/stat 
While mm->start_stack was protected from cross-uid viewing (commit
f83ce3e6b02d5 ("proc: avoid information leaks to non-privileged
processes")), the start_code and end_code values were not.  This would
allow the text location of a PIE binary to leak, defeating ASLR.

Note that the value "1" is used instead of "0" for a protected value since
"ps", "killall", and likely other readers of /proc/pid/stat, take
start_code of "0" to mean a kernel thread and will misbehave.  Thanks to
Brad Spengler for pointing this out.

Addresses CVE-2011-0726

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Cc: <stable@kernel.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Eugene Teo <eugeneteo@kernel.sg>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-03-23 19:46:37 -07:00
..
array.c
proc: protect mm start_code/end_code in /proc/pid/stat
2011-03-23 19:46:37 -07:00
base.c
procfs: fix some wrong error code usage
2011-03-23 19:46:36 -07:00
cmdline.c
proc: switch /proc/cmdline to seq_file
2008-10-23 14:29:04 +04:00
consoles.c
console: rename acquire/release_console_sem() to console_lock/unlock()
2011-01-26 10:50:06 +10:00
cpuinfo.c
proc: move /proc/cpuinfo code to fs/proc/cpuinfo.c
2008-10-23 15:05:11 +04:00
devices.c
proc: use seq_puts()/seq_putc() where possible
2011-01-13 08:03:16 -08:00
generic.c
proc: make struct proc_dir_entry::namelen unsigned int
2011-03-23 19:46:37 -07:00
inode.c
unfuck proc_sysctl ->d_compare()
2011-03-08 02:22:27 -05:00
internal.h
proc: ->low_ino cleanup
2011-01-13 08:03:16 -08:00
interrupts.c
proc: move /proc/interrupts boilerplate code to fs/proc/interrupts.c
2008-10-23 15:15:46 +04:00
Kconfig
kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT
2011-01-20 17:02:05 -08:00
kcore.c
/proc/kcore: fix seeking
2011-01-13 08:03:17 -08:00
kmsg.c
procfs: Use generic_file_llseek in /proc/kmsg
2010-04-09 16:35:41 +02:00
loadavg.c
sched, timers: cleanup avenrun users
2009-05-15 15:32:45 +02:00
Makefile
proc: move proc_console.c to fs/proc/consoles.c
2011-01-13 08:03:17 -08:00
meminfo.c
thp: transparent hugepage vmstat
2011-01-13 17:32:43 -08:00
mmu.c
fs/proc/mmu.c: headers butchery
2007-10-17 08:42:48 -07:00
nommu.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
page.c
thp: remove PG_buddy
2011-01-13 17:32:43 -08:00
proc_devtree.c
of/flattree: Drop an uninteresting message to pr_debug level
2011-03-02 13:45:18 -07:00
proc_net.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
proc_sysctl.c
Merge branch 'next' into for-linus
2011-03-16 09:41:17 +11:00
proc_tty.c
proc: use seq_puts()/seq_putc() where possible
2011-01-13 08:03:16 -08:00
root.c
switch procfs to ->mount()
2010-10-29 04:17:01 -04:00
softirqs.c
proc: use seq_puts()/seq_putc() where possible
2011-01-13 08:03:16 -08:00
stat.c
proc: use seq_puts()/seq_putc() where possible
2011-01-13 08:03:16 -08:00
task_mmu.c
procfs: fix /proc/<pid>/maps heap check
2011-03-23 19:46:36 -07:00
task_nommu.c
proc: use unsigned long inside /proc/*/statm
2011-01-13 08:03:16 -08:00
uptime.c
[PATCH] Fix idle time field in /proc/uptime
2009-09-24 10:16:24 +02:00
version.c
proc: switch /proc/version to seq_file
2008-10-23 14:19:58 +04:00
vmcore.c
ARM: 6485/5: proc/vmcore - allow archs to override vmcore_elf_check_arch()
2010-11-30 13:39:55 +00:00