diff options
| author | Christian Brauner <brauner@kernel.org> | 2025-02-11 18:16:00 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-03-13 12:47:30 +0100 |
| commit | 524fb2b88025d61a62238d7017b8f34237a102e2 (patch) | |
| tree | ef0342f933e967fc7ebc7e22c8f7a8a2ad309c07 /kernel | |
| parent | 28835869ba6554c94d23f0d03936dd83713cb218 (diff) | |
| download | linux-524fb2b88025d61a62238d7017b8f34237a102e2.tar.gz linux-524fb2b88025d61a62238d7017b8f34237a102e2.tar.bz2 linux-524fb2b88025d61a62238d7017b8f34237a102e2.zip | |
acct: block access to kernel internal filesystems
commit 890ed45bde808c422c3c27d3285fc45affa0f930 upstream.
There's no point in allowing anything kernel internal nor procfs or
sysfs.
Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com
Link: https://lore.kernel.org/r/20250211-work-acct-v1-2-1c16aecab8b3@kernel.org
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reported-by: Zicheng Qu <quzicheng@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/acct.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/kernel/acct.c b/kernel/acct.c index 12f7dacf560e..6552eb22dd1e 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -216,6 +216,20 @@ static int acct_on(struct filename *pathname) return -EACCES; } + /* Exclude kernel kernel internal filesystems. */ + if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) { + kfree(acct); + filp_close(file, NULL); + return -EINVAL; + } + + /* Exclude procfs and sysfs. */ + if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) { + kfree(acct); + filp_close(file, NULL); + return -EINVAL; + } + if (!(file->f_mode & FMODE_CAN_WRITE)) { kfree(acct); filp_close(file, NULL); |