proc: prevent changes to overridden credentials

Prevent userspace from changing the the /proc/PID/attr values if the task's credentials are currently overriden. This not only makes sense conceptually, it also prevents some really bizarre error cases caused when trying to commit credentials to a task with overridden credentials. Cc: <[email protected]> Reported-by: "chengjian (D)" <[email protected]> Signed-off-by: Paul Moore <[email protected]> Acked-by: John Johansen <[email protected]> Acked-by: James Morris <[email protected]> Acked-by: Casey Schaufler <[email protected]>
torvalds · Apr 29, 2019 · 35a196b · 35a196b
1 parent c750e69
commit 35a196b
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/fs/proc/base.c b/fs/proc/base.c
@@ -2539,6 +2539,11 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
  rcu_read_unlock();
  return -EACCES;
  }
+ /* Prevent changes to overridden credentials. */
+ if (current_cred() != current_real_cred()) {
+ rcu_read_unlock();
+ return -EBUSY;
+ }
  rcu_read_unlock();
 
  if (count > PAGE_SIZE)