[PATCH 0/1] proc: Fix ptrace-based permission checks for accessing task maps

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 0/1] proc: Fix ptrace-based permission checks for accessing task maps
@ 2016-02-28  8:39 Corey Wright
  2016-02-28  8:42 ` [PATCH 1/1] " Corey Wright
  0 siblings, 1 reply; 6+ messages in thread
From: Corey Wright @ 2016-02-28  8:39 UTC (permalink / raw)
  To: stable; +Cc: Jann Horn

The recently released stable versions (eg 3.10.98, 3.12.55, 3.14.62) introduce
a bug where all access to /proc/pid/maps and /proc/pid/pagemap is denied due
to the backported commit "ptrace: use fsuid, fsgid, effective creds for fs
access checks" not modifying the mm_access() calls to include
PTRACE_MODE_FSCREDS in fs/proc/task_mmu.c and fs/proc/task_nommu.c.

This was discovered, patched, and tested on 3.10.98, but only confirmed by
source code review in 3.12.55 and 3.14.62.

The patch was made against 3.10.98, but also applies to 3.12.55 and 3.14.62.

Bug demonstration:

root@test:~# id -a
uid=0(root) gid=0(root) groups=0(root)
root@test:~# cat /proc/1/maps >/dev/null
cat: /proc/1/maps: Permission denied
root@test:~# dmesg | tail -n24
[   66.274897] ------------[ cut here ]------------
[   66.312570] WARNING: at kernel/ptrace.c:233 __ptrace_may_access+0x46/0xf9()
[   66.385110] denying ptrace access check without PTRACE_MODE_*CREDS
[   66.413088] Modules linked in: loop joydev hid_generic snd_pcm snd_page_alloc snd_timer snd processor usbhid i2c_piix4 hid soundcore psmouse thermal_sys serio_raw pcspkr evdev i2c_core parport_pc microcode parport button ac ext4 crc16 jbd2 mbcache sr_mod cdrom ata_generic sg sd_mod crc_t10dif ata_piix ohci_hcd ehci_hcd ahci libahci e1000 usbcore libata usb_common scsi_mod
[   66.724711] CPU: 0 PID: 2005 Comm: cat Not tainted 3.10.98+1-amd64 #1
[   66.793618] Hardware name: innotek GmbH VirtualBox, BIOS VirtualBox 12/01/2006
[   66.887232]  ffffffff81393e15 0000000000000000 ffffffff8103d0bd ffff880016c00200
[   66.928111]  ffff880015ecdd58 00000000000012d0 ffff880016ecad08 0000000000000001
[   66.992842]  0000000000000001 0000000000000000 ffffffff8103d16d ffffffff814f3d1f
[   67.032856] Call Trace:
[   67.092708]  [<ffffffff81393e15>] ? dump_stack+0xd/0x17
[   67.096932]  [<ffffffff8103d0bd>] ? warn_slowpath_common+0x5f/0x77
[   67.193852]  [<ffffffff8103d16d>] ? warn_slowpath_fmt+0x45/0x4a
[   67.197611]  [<ffffffff810469b0>] ? __ptrace_may_access+0x46/0xf9
[   67.201716]  [<ffffffff81047518>] ? ptrace_may_access+0x28/0x3e
[   67.293288]  [<ffffffff81061e20>] ? should_resched+0x5/0x23
[   67.296339]  [<ffffffff8103acf1>] ? mm_access+0x53/0x81
[   67.404368]  [<ffffffff811580b2>] ? m_start+0x65/0x17b
[   67.428423]  [<ffffffff811007c3>] ? kmem_cache_alloc_trace+0xc0/0xd0
[   67.429447]  [<ffffffff811294de>] ? seq_read+0x13a/0x341
[   67.432574]  [<ffffffff811105b9>] ? vfs_read+0x93/0xf5
[   67.440116]  [<ffffffff81110732>] ? SyS_read+0x51/0x80
[   67.501553]  [<ffffffff8139c949>] ? system_call_fastpath+0x16/0x1b
[   67.505709] ---[ end trace b74f9ab2dd68c613 ]---
root@test:~# cat /proc/1/pagemap >/dev/null
cat: /proc/1/pagemap: Permission denied
root@test:~# dmesg | tail -n24
[   67.505709] ---[ end trace b74f9ab2dd68c613 ]---
[  285.010343] ------------[ cut here ]------------
[  285.108449] WARNING: at kernel/ptrace.c:233 __ptrace_may_access+0x46/0xf9()
[  285.216943] denying ptrace access check without PTRACE_MODE_*CREDS
[  285.252505] Modules linked in: loop joydev hid_generic snd_pcm snd_page_alloc snd_timer snd processor usbhid i2c_piix4 hid soundcore psmouse thermal_sys serio_raw pcspkr evdev i2c_core parport_pc microcode parport button ac ext4 crc16 jbd2 mbcache sr_mod cdrom ata_generic sg sd_mod crc_t10dif ata_piix ohci_hcd ehci_hcd ahci libahci e1000 usbcore libata usb_common scsi_mod
[  285.654499] CPU: 0 PID: 2008 Comm: cat Tainted: G        W    3.10.98+1-amd64 #1
[  285.721663] Hardware name: innotek GmbH VirtualBox, BIOS VirtualBox 12/01/2006
[  285.732845]  ffffffff81393e15 0000000000000000 ffffffff8103d0bd ffff880016c025c0
[  285.768903]  ffff8800170e7d68 00000000000c12d0 ffff880016ecad08 0000000000000001
[  285.940092]  0000000000000001 ffff880016eca7b0 ffffffff8103d16d ffffffff814f3d1f
[  285.964850] Call Trace:
[  285.965703]  [<ffffffff81393e15>] ? dump_stack+0xd/0x17
[  285.967029]  [<ffffffff8103d0bd>] ? warn_slowpath_common+0x5f/0x77
[  286.025849]  [<ffffffff8103d16d>] ? warn_slowpath_fmt+0x45/0x4a
[  286.030987]  [<ffffffff810469b0>] ? __ptrace_may_access+0x46/0xf9
[  286.053425]  [<ffffffff81047518>] ? ptrace_may_access+0x28/0x3e
[  286.127192]  [<ffffffff81061e20>] ? should_resched+0x5/0x23
[  286.133879]  [<ffffffff8103acf1>] ? mm_access+0x53/0x81
[  286.141205]  [<ffffffff81158a64>] ? pagemap_read+0xa7/0x29b
[  286.154539]  [<ffffffff8139a6c4>] ? __do_page_fault+0x367/0x408
[  286.165444]  [<ffffffff811105b9>] ? vfs_read+0x93/0xf5
[  286.173136]  [<ffffffff81110732>] ? SyS_read+0x51/0x80
[  286.176403]  [<ffffffff8139c949>] ? system_call_fastpath+0x16/0x1b
[  286.230897] ---[ end trace b74f9ab2dd68c614 ]---

Corey
--
undefined@pobox.com

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 1/1] proc: Fix ptrace-based permission checks for accessing task maps
  2016-02-28  8:39 [PATCH 0/1] proc: Fix ptrace-based permission checks for accessing task maps Corey Wright
@ 2016-02-28  8:42 ` Corey Wright
  2016-02-28 10:00   ` [PATCH stable<3.18 " Jiri Slaby
                     ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Corey Wright @ 2016-02-28  8:42 UTC (permalink / raw)
  To: stable; +Cc: Jann Horn

Modify mm_access() calls in fs/proc/task_mmu.c and fs/proc/task_nommu.c to
have the mode include PTRACE_MODE_FSCREDS so accessing /proc/pid/maps and
/proc/pid/pagemap is not denied to all users.

In backporting upstream commit caaee623 to pre-3.18 kernel versions it was
overlooked that mm_access() is used in fs/proc/task_*mmu.c as those calls
were removed in 3.18 (by upstream commit 29a40ace) and did not exist at the
time of the original commit.

Signed-off-by: Corey Wright <undefined@pobox.com>
Cc: Jann Horn <jann@thejh.net>
---
 fs/proc/task_mmu.c   |    4 ++--
 fs/proc/task_nommu.c |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 9f285fb..b86db12 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -170,7 +170,7 @@ static void *m_start(struct seq_file *m, loff_t *pos)
 	if (!priv->task)
 		return ERR_PTR(-ESRCH);
 
-	mm = mm_access(priv->task, PTRACE_MODE_READ);
+	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
 	if (!mm || IS_ERR(mm))
 		return mm;
 	down_read(&mm->mmap_sem);
@@ -1044,7 +1044,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
 	if (!pm.buffer)
 		goto out_task;
 
-	mm = mm_access(task, PTRACE_MODE_READ);
+	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
 	ret = PTR_ERR(mm);
 	if (!mm || IS_ERR(mm))
 		goto out_free;
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
index 56123a6..123c198 100644
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -223,7 +223,7 @@ static void *m_start(struct seq_file *m, loff_t *pos)
 	if (!priv->task)
 		return ERR_PTR(-ESRCH);
 
-	mm = mm_access(priv->task, PTRACE_MODE_READ);
+	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
 	if (!mm || IS_ERR(mm)) {
 		put_task_struct(priv->task);
 		priv->task = NULL;
-- 
1.7.9.5

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH stable<3.18 1/1] proc: Fix ptrace-based permission checks for accessing task maps
  2016-02-28  8:42 ` [PATCH 1/1] " Corey Wright
@ 2016-02-28 10:00   ` Jiri Slaby
  2016-02-28 11:11   ` [PATCH " Jann Horn
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Jiri Slaby @ 2016-02-28 10:00 UTC (permalink / raw)
  To: Corey Wright, stable; +Cc: Jann Horn, oleg, roland, Linux kernel mailing list

CCing ptrace guys.

I would appreciate if somebody could ACK this.

On 02/28/2016, 09:42 AM, Corey Wright wrote:
> Modify mm_access() calls in fs/proc/task_mmu.c and fs/proc/task_nommu.c to
> have the mode include PTRACE_MODE_FSCREDS so accessing /proc/pid/maps and
> /proc/pid/pagemap is not denied to all users.
> 
> In backporting upstream commit caaee623 to pre-3.18 kernel versions it was
> overlooked that mm_access() is used in fs/proc/task_*mmu.c as those calls
> were removed in 3.18 (by upstream commit 29a40ace) and did not exist at the
> time of the original commit.
> 
> Signed-off-by: Corey Wright <undefined@pobox.com>
> Cc: Jann Horn <jann@thejh.net>
> ---
>  fs/proc/task_mmu.c   |    4 ++--
>  fs/proc/task_nommu.c |    2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
> index 9f285fb..b86db12 100644
> --- a/fs/proc/task_mmu.c
> +++ b/fs/proc/task_mmu.c
> @@ -170,7 +170,7 @@ static void *m_start(struct seq_file *m, loff_t *pos)
>  	if (!priv->task)
>  		return ERR_PTR(-ESRCH);
>  
> -	mm = mm_access(priv->task, PTRACE_MODE_READ);
> +	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
>  	if (!mm || IS_ERR(mm))
>  		return mm;
>  	down_read(&mm->mmap_sem);
> @@ -1044,7 +1044,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
>  	if (!pm.buffer)
>  		goto out_task;
>  
> -	mm = mm_access(task, PTRACE_MODE_READ);
> +	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
>  	ret = PTR_ERR(mm);
>  	if (!mm || IS_ERR(mm))
>  		goto out_free;
> diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
> index 56123a6..123c198 100644
> --- a/fs/proc/task_nommu.c
> +++ b/fs/proc/task_nommu.c
> @@ -223,7 +223,7 @@ static void *m_start(struct seq_file *m, loff_t *pos)
>  	if (!priv->task)
>  		return ERR_PTR(-ESRCH);
>  
> -	mm = mm_access(priv->task, PTRACE_MODE_READ);
> +	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
>  	if (!mm || IS_ERR(mm)) {
>  		put_task_struct(priv->task);
>  		priv->task = NULL;
> 


-- 
js
suse labs

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 1/1] proc: Fix ptrace-based permission checks for accessing task maps
  2016-02-28  8:42 ` [PATCH 1/1] " Corey Wright
  2016-02-28 10:00   ` [PATCH stable<3.18 " Jiri Slaby
@ 2016-02-28 11:11   ` Jann Horn
  2016-03-01  8:15   ` Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.10-stable tree gregkh
  2016-03-01  8:15   ` Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.14-stable tree gregkh
  3 siblings, 0 replies; 6+ messages in thread
From: Jann Horn @ 2016-02-28 11:11 UTC (permalink / raw)
  To: Corey Wright; +Cc: stable

[-- Attachment #1: Type: text/plain, Size: 2324 bytes --]

On Sun, Feb 28, 2016 at 02:42:39AM -0600, Corey Wright wrote:
> Modify mm_access() calls in fs/proc/task_mmu.c and fs/proc/task_nommu.c to
> have the mode include PTRACE_MODE_FSCREDS so accessing /proc/pid/maps and
> /proc/pid/pagemap is not denied to all users.
> 
> In backporting upstream commit caaee623 to pre-3.18 kernel versions it was
> overlooked that mm_access() is used in fs/proc/task_*mmu.c as those calls
> were removed in 3.18 (by upstream commit 29a40ace) and did not exist at the
> time of the original commit.

The patch looks good to me, the FSCREDS mode is appropriate there.

(Note: There is probably going to be another patch that touches lots of
procfs stuff soon, and if it gets backported, the functions changed in
this patch should probably be changed for that backport again.)


> Signed-off-by: Corey Wright <undefined@pobox.com>
> Cc: Jann Horn <jann@thejh.net>
> ---
>  fs/proc/task_mmu.c   |    4 ++--
>  fs/proc/task_nommu.c |    2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
> index 9f285fb..b86db12 100644
> --- a/fs/proc/task_mmu.c
> +++ b/fs/proc/task_mmu.c
> @@ -170,7 +170,7 @@ static void *m_start(struct seq_file *m, loff_t *pos)
>  	if (!priv->task)
>  		return ERR_PTR(-ESRCH);
>  
> -	mm = mm_access(priv->task, PTRACE_MODE_READ);
> +	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
>  	if (!mm || IS_ERR(mm))
>  		return mm;
>  	down_read(&mm->mmap_sem);
> @@ -1044,7 +1044,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
>  	if (!pm.buffer)
>  		goto out_task;
>  
> -	mm = mm_access(task, PTRACE_MODE_READ);
> +	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
>  	ret = PTR_ERR(mm);
>  	if (!mm || IS_ERR(mm))
>  		goto out_free;
> diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
> index 56123a6..123c198 100644
> --- a/fs/proc/task_nommu.c
> +++ b/fs/proc/task_nommu.c
> @@ -223,7 +223,7 @@ static void *m_start(struct seq_file *m, loff_t *pos)
>  	if (!priv->task)
>  		return ERR_PTR(-ESRCH);
>  
> -	mm = mm_access(priv->task, PTRACE_MODE_READ);
> +	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
>  	if (!mm || IS_ERR(mm)) {
>  		put_task_struct(priv->task);
>  		priv->task = NULL;
> -- 
> 1.7.9.5

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.10-stable tree
  2016-02-28  8:42 ` [PATCH 1/1] " Corey Wright
  2016-02-28 10:00   ` [PATCH stable<3.18 " Jiri Slaby
  2016-02-28 11:11   ` [PATCH " Jann Horn
@ 2016-03-01  8:15   ` gregkh
  2016-03-01  8:15   ` Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.14-stable tree gregkh
  3 siblings, 0 replies; 6+ messages in thread
From: gregkh @ 2016-03-01  8:15 UTC (permalink / raw)
  To: undefined, gregkh, jann; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    proc: Fix ptrace-based permission checks for accessing task maps

to the 3.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     proc-fix-ptrace-based-permission-checks-for-accessing-task-maps.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From undefined@pobox.com  Mon Feb 29 22:02:13 2016
From: Corey Wright <undefined@pobox.com>
Date: Sun, 28 Feb 2016 02:42:39 -0600
Subject: proc: Fix ptrace-based permission checks for accessing task maps
To: stable@vger.kernel.org
Cc: Jann Horn <jann@thejh.net>
Message-ID: <20160228024239.c82b6c2db17c670611ee6b16@pobox.com>

From: Corey Wright <undefined@pobox.com>

Modify mm_access() calls in fs/proc/task_mmu.c and fs/proc/task_nommu.c to
have the mode include PTRACE_MODE_FSCREDS so accessing /proc/pid/maps and
/proc/pid/pagemap is not denied to all users.

In backporting upstream commit caaee623 to pre-3.18 kernel versions it was
overlooked that mm_access() is used in fs/proc/task_*mmu.c as those calls
were removed in 3.18 (by upstream commit 29a40ace) and did not exist at the
time of the original commit.

Signed-off-by: Corey Wright <undefined@pobox.com>
Acked-by: Jann Horn <jann@thejh.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/proc/task_mmu.c   |    4 ++--
 fs/proc/task_nommu.c |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -170,7 +170,7 @@ static void *m_start(struct seq_file *m,
 	if (!priv->task)
 		return ERR_PTR(-ESRCH);
 
-	mm = mm_access(priv->task, PTRACE_MODE_READ);
+	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
 	if (!mm || IS_ERR(mm))
 		return mm;
 	down_read(&mm->mmap_sem);
@@ -1044,7 +1044,7 @@ static ssize_t pagemap_read(struct file
 	if (!pm.buffer)
 		goto out_task;
 
-	mm = mm_access(task, PTRACE_MODE_READ);
+	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
 	ret = PTR_ERR(mm);
 	if (!mm || IS_ERR(mm))
 		goto out_free;
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -223,7 +223,7 @@ static void *m_start(struct seq_file *m,
 	if (!priv->task)
 		return ERR_PTR(-ESRCH);
 
-	mm = mm_access(priv->task, PTRACE_MODE_READ);
+	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
 	if (!mm || IS_ERR(mm)) {
 		put_task_struct(priv->task);
 		priv->task = NULL;


Patches currently in stable-queue which might be from undefined@pobox.com are

queue-3.10/proc-fix-ptrace-based-permission-checks-for-accessing-task-maps.patch

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.14-stable tree
  2016-02-28  8:42 ` [PATCH 1/1] " Corey Wright
                     ` (2 preceding siblings ...)
  2016-03-01  8:15   ` Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.10-stable tree gregkh
@ 2016-03-01  8:15   ` gregkh
  3 siblings, 0 replies; 6+ messages in thread
From: gregkh @ 2016-03-01  8:15 UTC (permalink / raw)
  To: undefined, gregkh, jann; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    proc: Fix ptrace-based permission checks for accessing task maps

to the 3.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     proc-fix-ptrace-based-permission-checks-for-accessing-task-maps.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From undefined@pobox.com  Mon Feb 29 22:02:13 2016
From: Corey Wright <undefined@pobox.com>
Date: Sun, 28 Feb 2016 02:42:39 -0600
Subject: proc: Fix ptrace-based permission checks for accessing task maps
To: stable@vger.kernel.org
Cc: Jann Horn <jann@thejh.net>
Message-ID: <20160228024239.c82b6c2db17c670611ee6b16@pobox.com>

From: Corey Wright <undefined@pobox.com>

Modify mm_access() calls in fs/proc/task_mmu.c and fs/proc/task_nommu.c to
have the mode include PTRACE_MODE_FSCREDS so accessing /proc/pid/maps and
/proc/pid/pagemap is not denied to all users.

In backporting upstream commit caaee623 to pre-3.18 kernel versions it was
overlooked that mm_access() is used in fs/proc/task_*mmu.c as those calls
were removed in 3.18 (by upstream commit 29a40ace) and did not exist at the
time of the original commit.

Signed-off-by: Corey Wright <undefined@pobox.com>
Acked-by: Jann Horn <jann@thejh.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/proc/task_mmu.c   |    4 ++--
 fs/proc/task_nommu.c |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -165,7 +165,7 @@ static void *m_start(struct seq_file *m,
 	if (!priv->task)
 		return ERR_PTR(-ESRCH);
 
-	mm = mm_access(priv->task, PTRACE_MODE_READ);
+	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
 	if (!mm || IS_ERR(mm))
 		return mm;
 	down_read(&mm->mmap_sem);
@@ -1182,7 +1182,7 @@ static ssize_t pagemap_read(struct file
 	if (!pm.buffer)
 		goto out_task;
 
-	mm = mm_access(task, PTRACE_MODE_READ);
+	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
 	ret = PTR_ERR(mm);
 	if (!mm || IS_ERR(mm))
 		goto out_free;
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -216,7 +216,7 @@ static void *m_start(struct seq_file *m,
 	if (!priv->task)
 		return ERR_PTR(-ESRCH);
 
-	mm = mm_access(priv->task, PTRACE_MODE_READ);
+	mm = mm_access(priv->task, PTRACE_MODE_READ_FSCREDS);
 	if (!mm || IS_ERR(mm)) {
 		put_task_struct(priv->task);
 		priv->task = NULL;


Patches currently in stable-queue which might be from undefined@pobox.com are

queue-3.14/proc-fix-ptrace-based-permission-checks-for-accessing-task-maps.patch

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2016-03-01  8:16 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-28  8:39 [PATCH 0/1] proc: Fix ptrace-based permission checks for accessing task maps Corey Wright
2016-02-28  8:42 ` [PATCH 1/1] " Corey Wright
2016-02-28 10:00   ` [PATCH stable<3.18 " Jiri Slaby
2016-02-28 11:11   ` [PATCH " Jann Horn
2016-03-01  8:15   ` Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.10-stable tree gregkh
2016-03-01  8:15   ` Patch "proc: Fix ptrace-based permission checks for accessing task maps" has been added to the 3.14-stable tree gregkh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).