--- /dev/null
+From ben@decadent.org.uk Thu May 9 19:42:50 2019
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 7 May 2019 20:04:04 +0100
+Subject: timer/debug: Change /proc/timer_stats from 0644 to 0600
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Sasha Levin <sashal@kernel.org>
+Cc: stable@vger.kernel.org
+Message-ID: <20190507190404.ub43rr4iuvqfkbsq@decadent.org.uk>
+Content-Disposition: inline
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+The timer_stats facility should filter and translate PIDs if opened
+from a non-initial PID namespace, to avoid leaking information about
+the wider system. It should also not show kernel virtual addresses.
+Unfortunately it has now been removed upstream (as redundant)
+instead of being fixed.
+
+For stable, fix the leak by restricting access to root only. A
+similar change was already made for the /proc/timer_list file.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/timer_stats.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/time/timer_stats.c
++++ b/kernel/time/timer_stats.c
+@@ -417,7 +417,7 @@ static int __init init_tstats_procfs(voi
+ {
+ struct proc_dir_entry *pe;
+
+- pe = proc_create("timer_stats", 0644, NULL, &tstats_fops);
++ pe = proc_create("timer_stats", 0600, NULL, &tstats_fops);
+ if (!pe)
+ return -ENOMEM;
+ return 0;
projects / thirdparty / kernel / stable-queue.git / commitdiff
