timer/debug: Change /proc/timer_stats from 0644 to 0600

The timer_stats facility should filter and translate PIDs if opened
from a non-initial PID namespace, to avoid leaking information about
the wider system.  It should also not show kernel virtual addresses.
Unfortunately it has now been removed upstream (as redundant)
instead of being fixed.

For stable, fix the leak by restricting access to root only.  A
similar change was already made for the /proc/timer_list file.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/kernel/time/timer_stats.c b/kernel/time/timer_stats.c
index 1adecb4b87c8492e558b845914bd5c9a004fe9c0..7e4d715f9c22c5b3411773a3f8185ca677eac391 100644 (file)
--- a/kernel/time/timer_stats.c
+++ b/kernel/time/timer_stats.c
@@ -417,7 +417,7 @@ static int __init init_tstats_procfs(void)
 {
        struct proc_dir_entry *pe;
 
-       pe = proc_create("timer_stats", 0644, NULL, &tstats_fops);
+       pe = proc_create("timer_stats", 0600, NULL, &tstats_fops);
        if (!pe)
                return -ENOMEM;
        return 0;