Commit | Line | Data |
---|---|---|
544566e1 GKH |
1 | From ben@decadent.org.uk Thu May 9 19:42:50 2019 |
2 | From: Ben Hutchings <ben@decadent.org.uk> | |
3 | Date: Tue, 7 May 2019 20:04:04 +0100 | |
4 | Subject: timer/debug: Change /proc/timer_stats from 0644 to 0600 | |
5 | To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Sasha Levin <sashal@kernel.org> | |
6 | Cc: stable@vger.kernel.org | |
7 | Message-ID: <20190507190404.ub43rr4iuvqfkbsq@decadent.org.uk> | |
8 | Content-Disposition: inline | |
9 | ||
10 | From: Ben Hutchings <ben@decadent.org.uk> | |
11 | ||
12 | The timer_stats facility should filter and translate PIDs if opened | |
13 | from a non-initial PID namespace, to avoid leaking information about | |
14 | the wider system. It should also not show kernel virtual addresses. | |
15 | Unfortunately it has now been removed upstream (as redundant) | |
16 | instead of being fixed. | |
17 | ||
18 | For stable, fix the leak by restricting access to root only. A | |
19 | similar change was already made for the /proc/timer_list file. | |
20 | ||
21 | Signed-off-by: Ben Hutchings <ben@decadent.org.uk> | |
22 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
23 | ||
24 | --- | |
25 | kernel/time/timer_stats.c | 2 +- | |
26 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
27 | ||
28 | --- a/kernel/time/timer_stats.c | |
29 | +++ b/kernel/time/timer_stats.c | |
30 | @@ -417,7 +417,7 @@ static int __init init_tstats_procfs(voi | |
31 | { | |
32 | struct proc_dir_entry *pe; | |
33 | ||
34 | - pe = proc_create("timer_stats", 0644, NULL, &tstats_fops); | |
35 | + pe = proc_create("timer_stats", 0600, NULL, &tstats_fops); | |
36 | if (!pe) | |
37 | return -ENOMEM; | |
38 | return 0; |
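Review bot: The new mode on the `proc_create("timer_stats", 0600, NULL, &tstats_fops);` line has no comment explaining that the restriction is deliberate, so a later cleanup could widen it back to 0644 without noticing the leak described in the commit message. Consider a one-line comment above the call stating that the file exposes unfiltered PIDs and kernel virtual addresses and must stay root-only. Note also that the mode bits only gate who can open the file: the output itself is still not filtered or translated per PID namespace, so any process that passes the permission check still sees system-wide data. It is worth confirming that this is acceptable for the stable trees where this applies.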