From 4a7ac3ab06932949d3069c1811f6f2a310f656c4 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@osdl.org>
Date: Fri, 14 Jul 2006 23:59:02 +0000
Subject: [PATCH] Fix nasty /proc vulnerability (CVE-2006-3626)

Fix nasty /proc vulnerability

We have a bad interaction with both the kernel and user space being able
to change some of the /proc file status.  This fixes the most obvious
part of it, but I expect we'll also make it harder for users to modify
even their "own" files in /proc.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 fs/proc/base.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6cc77dc3f3f..5a8b89a8a46 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1404,6 +1404,7 @@ static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 		} else {
 			inode->i_uid = 0;
 			inode->i_gid = 0;
+			inode->i_mode = 0;
 		}
 		security_task_to_inode(task, inode);
 		return 1;
-- 
cgit v1.2.3