diff options
| author | Jann Horn <jannh@google.com> | 2026-05-18 18:35:16 +0200 |
|---|---|---|
| committer | Christian Brauner <brauner@kernel.org> | 2026-06-05 10:00:55 +0200 |
| commit | 6255da28d4bb5349fe18e84cb043ccd394eba75d (patch) | |
| tree | 03a43424fca41ffbb0e2b304be927aad8089727c /include/linux | |
| parent | 6650527444dadc63d84aa939d14ecba4fadb2f69 (diff) | |
proc: protect ptrace_may_access() with exec_update_lock (FD links)
proc_pid_get_link() and proc_pid_readlink() currently look up the task from
the pid once, then do the ptrace access check on that task, then look up
the task from the pid a second time to do the actual access.
That's racy in several ways.
To fix it, pass the task to the ->proc_get_link() handler, and instead of
proc_fd_access_allowed(), introduce a new helper call_proc_get_link() that
looks up and locks the task, does the access check, and calls
->proc_get_link().
Fixes: 778c1144771f ("[PATCH] proc: Use sane permission checks on the /proc/<pid>/fd/ symlinks")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://patch.msgid.link/20260518-procfs-lockfix-part1-v1-2-5c3d20e0ac33@google.com
Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions