Re: [patch] /proc fix and experimental security patch

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 15 Jun 1998 11:40:46 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: zilog 8530 SCC based cards"
Previous message: Alan Cox: "Re: Problem compiling sound in 2.1.106"

> - int ino = inode->i_ino & 0xffff;
>
> read_lock(&tasklist_lock);
> if (fill && (p = find_task_by_pid(pid)) != NULL) {
> - if (p->dumpable || ino == PROC_PID_INO) {
> - inode->i_uid = p->euid;
> - inode->i_gid = p->gid;
> - }
> + inode->i_uid = p->euid;
> + inode->i_gid = p->gid;

This appears to be a security hole.

Setuid processes in unix are driven on the basis that even if they drop the
setuid they may contain information that is 'private'. You can neither
ptrace nor core dump them. Now you appear to have added the ability to
access their 'mem' file in /proc freely

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Alan Cox: "Re: zilog 8530 SCC based cards"
Previous message: Alan Cox: "Re: Problem compiling sound in 2.1.106"