2009-01-08 11:18:47

by David Howells

Subject: [PATCH] CRED: Fix commit_creds() on a process that has no mm

Fix commit_creds()'s handling of a process that has no mm (such as one that is
calling or has called daemonize()). commit_creds() should check to see if
task->mm is not NULL before calling set_dumpable() on it.

Reported-by: Jiri Slaby <[email protected]>
Signed-off-by: David Howells <[email protected]>
---

kernel/cred.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/kernel/cred.c b/kernel/cred.c
index ff7bc07..480a61a 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -372,7 +372,8 @@ int commit_creds(struct cred *new)
old->fsuid != new->fsuid ||
old->fsgid != new->fsgid ||
!cap_issubset(new->cap_permitted, old->cap_permitted)) {
- set_dumpable(task->mm, suid_dumpable);
+ if (task->mm)
+ set_dumpable(task->mm, suid_dumpable);
task->pdeath_signal = 0;
smp_wmb();
}
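
Review bot: the new `if (task->mm)` check in commit_creds() carries no comment saying when mm can be NULL. The commit message gives the reason (a process that is calling or has called daemonize()), and a one-line comment above the check would keep that reason next to the code. Note also that `task->pdeath_signal = 0;` and `smp_wmb();` remain unconditional, so for an mm-less task only the set_dumpable() call is skipped; it would help to state in the changelog that this is intended.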


2009-01-08 12:47:28

by James Morris

Subject: Re: [PATCH] CRED: Fix commit_creds() on a process that has no mm

On Thu, 8 Jan 2009, David Howells wrote:

> Fix commit_creds()'s handling of a process that has no mm (such as one that is
> calling or has called daemonize()). commit_creds() should check to see if
> task->mm is not NULL before calling set_dumpable() on it.

This looks correct in its own right, and is available for Linus to pull
per below, but I'd also like to know that Jiri's problem is verified to be
fixed.


The following changes since commit 9e42d0cf5020aaf217433cad1a224745241d212a:
Linus Torvalds (1):
Merge git://git.kernel.org/.../davem/sparc-2.6

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 for-linus

David Howells (1):
CRED: Fix commit_creds() on a process that has no mm

kernel/cred.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

2009-01-11 22:33:35

by Jiri Slaby

Subject: Re: [PATCH] CRED: Fix commit_creds() on a process that has no mm

On 01/08/2009 01:46 PM, James Morris wrote:
> This looks correct in its own right, and is available for Linus to pull
> per below, but I'd also like to know that Jiri's problem is verified to be
> fixed.

It fixes the issue, indeed. Thanks.