ACK: [hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, natty/ti-omap4, oneiric, oneiric/ti-omap4 CVE 1/1] Make TASKSTATS require root access
Stefan Bader
stefan.bader at canonical.com
Tue Oct 4 13:46:38 UTC 2011
On 04.10.2011 15:22, Andy Whitcroft wrote:
> From: Linus Torvalds <torvalds at linux-foundation.org>
>
> Ok, this isn't optimal, since it means that 'iotop' needs admin
> capabilities, and we may have to work on this some more. But at the
> same time it is very much not acceptable to let anybody just read
> anybody elses IO statistics quite at this level.
>
> Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
> to checking the capabilities by hand.
>
> Reported-by: Vasiliy Kulikov <segoon at openwall.com>
> Cc: Johannes Berg <johannes.berg at intel.com>
> Acked-by: Balbir Singh <bsingharora at gmail.com>
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
>
> (cherry picked from commit 1a51410abe7d0ee4b1d112780f46df87d3621043)
> CVE-2011-2494
> BugLink: http://bugs.launchpad.net/bugs/866021
> Signed-off-by: Andy Whitcroft <apw at canonical.com>
> ---
> kernel/taskstats.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/taskstats.c b/kernel/taskstats.c
> index 99e20d1..c9abf5b 100644
> --- a/kernel/taskstats.c
> +++ b/kernel/taskstats.c
> @@ -583,6 +583,7 @@ static struct genl_ops taskstats_ops = {
> .cmd = TASKSTATS_CMD_GET,
> .doit = taskstats_user_cmd,
> .policy = taskstats_cmd_get_policy,
> + .flags = GENL_ADMIN_PERM,
> };
>
> static struct genl_ops cgroupstats_ops = {
More information about the kernel-team
mailing list