diff options
author | Stephen Rothwell <sfr@canb.auug.org.au> | 2017-02-17 12:10:04 +1100 |
---|---|---|
committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2017-02-17 12:10:06 +1100 |
commit | b7e522b5644499784cb03674ce4ea297b150c105 (patch) | |
tree | 31ff4b692d5a90ce94b880c5821165b95ddc305f /fs | |
parent | 58dd05a9ae4c5a85cfa93b3e15574752e64c7972 (diff) | |
parent | 52176603795c2ab7e9faf6bb94820da1b726aabd (diff) |
Merge remote-tracking branch 'security/next'
Diffstat (limited to 'fs')
-rw-r--r-- | fs/proc/base.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c index 87c9a9aacda3..c147f10fcaa5 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2488,6 +2488,12 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, length = -ESRCH; if (!task) goto out_no_task; + + /* A task may only write its own attributes. */ + length = -EACCES; + if (current != task) + goto out; + if (count > PAGE_SIZE) count = PAGE_SIZE; @@ -2503,14 +2509,13 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, } /* Guard against adverse ptrace interaction */ - length = mutex_lock_interruptible(&task->signal->cred_guard_mutex); + length = mutex_lock_interruptible(¤t->signal->cred_guard_mutex); if (length < 0) goto out_free; - length = security_setprocattr(task, - (char*)file->f_path.dentry->d_name.name, + length = security_setprocattr(file->f_path.dentry->d_name.name, page, count); - mutex_unlock(&task->signal->cred_guard_mutex); + mutex_unlock(¤t->signal->cred_guard_mutex); out_free: kfree(page); out: |