Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp507525yba; Wed, 15 May 2019 05:20:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqxZPIqDAV4XA8wqUh33unNfXjZZLVnMqwtaAeU+z6ToUXU3lNWjTFFnKLvMVkhnOAN37c09 X-Received: by 2002:a17:902:b094:: with SMTP id p20mr21282347plr.164.1557922845434; Wed, 15 May 2019 05:20:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557922845; cv=none; d=google.com; s=arc-20160816; b=NCOT73iy0cVHRo7ImjbC0OmToSnGYo6LfBMopcQgBRKBcQ7jUShhlwJzgs/cdNQAHd AWaljdXSVbIvYq4IeyQcFrRHLDB9fcSZ+w/S+tqUMSML8iengmHWB4fhCG1EQqPqoiu6 w6SijWVJTouA4kjjsYx+lw4q4LP71UJZMbE/sRaOk0JKz17kUT2fSeLBj04sYkya5SLN yrceNGr/Ya5h9UtJQgEI42qqqcmC8Rd5RESgtgSSlzMshwU3pg7kKxUhT/973aY0WbFq 2j3/ko0Bnlnr5RVCunBjPb5ip9F0NAW56gKY5DX92AONDO3GdK/TCNAmHkmz7L8q+zhH A7zA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=y3zAhy+odBaS2L03v78688XzLt/arrFHPPGa8GQN8Gg=; b=M0HdExNqbQExvRYsKBTEGyIlHFQIBvUGd/vtVaSy96H2MtKwuFBN6nu/gUo/QHj+vS rLvsQ8OX89dHakCkR+q/eknjE0m/L8WVrgJhCMBzmfQaPFul04PH9HKPWkwhLY59GmfE lizrVjB87ZX2eydUFX6q8b8fvWwY7c9AaILj5zZAHacXQ/l7++8gSwbDshs1yzVu+2sM gLLkVCNoYlvJAvt8w2MuuMdyduYEn66DR4tnd0itt+2pjhsPNn9ieyDMqpcfV+sKR1rK YLHrYxZ56Ns7mcQcG7bOgbSAV5pRyfyZZslAUPPl7LWxQfnSypL1BxIAVHOdM8YDqQCa oYow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0HRCxhto; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 14si1893408pfu.76.2019.05.15.05.20.30; Wed, 15 May 2019 05:20:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0HRCxhto; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727643AbfEOMSJ (ORCPT + 99 others); Wed, 15 May 2019 08:18:09 -0400 Received: from mail.kernel.org ([198.145.29.99]:58578 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727722AbfEOLBc (ORCPT ); Wed, 15 May 2019 07:01:32 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BFEE620881; Wed, 15 May 2019 11:01:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1557918092; bh=0TjL81IqbnAkiwaGUHAMMPYNKAiIgC8Ggtg0x3pthj8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0HRCxhtow9y3mttV/hbZW2TGDpn1C64Cz/vlF8gaFLKC/DBcUHl3cwlT9TeimDLsF chS7ufSBm4tQJ8y0N9y7euNR0DhCf2o5ClwxQkNqGjFY/QUxbtfOgMlWSSOOPUwbZp r5/JHefHIELzZhe2kkRDhj2KlmGarihLmtUlOnDU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ben Hutchings Subject: [PATCH 3.18 62/86] timer/debug: Change /proc/timer_stats from 0644 to 0600 Date: Wed, 15 May 2019 12:55:39 +0200 Message-Id: <20190515090654.500455106@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190515090642.339346723@linuxfoundation.org> References: <20190515090642.339346723@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ben Hutchings The timer_stats facility should filter and translate PIDs if opened from a non-initial PID namespace, to avoid leaking information about the wider system. It should also not show kernel virtual addresses. Unfortunately it has now been removed upstream (as redundant) instead of being fixed. For stable, fix the leak by restricting access to root only. A similar change was already made for the /proc/timer_list file. Signed-off-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman --- kernel/time/timer_stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/time/timer_stats.c +++ b/kernel/time/timer_stats.c @@ -417,7 +417,7 @@ static int __init init_tstats_procfs(voi { struct proc_dir_entry *pe; - pe = proc_create("timer_stats", 0644, NULL, &tstats_fops); + pe = proc_create("timer_stats", 0600, NULL, &tstats_fops); if (!pe) return -ENOMEM; return 0;