Please pick this commit for 4.14 and older stable branches:
commit 8e7df2b5b7f245c9bd11064712db5cb69044a362 Author: Ingo Molnar mingo@kernel.org Date: Mon Nov 13 07:15:41 2017 +0100
timer/debug: Change /proc/timer_list from 0444 to 0400
In older kernel versions this file makes it far too easy to exploit arbitrary-write bugs. It's possible to hide the pointers from unprivileged users by setting the kernel.kptr_restrict sysctl, but that wasn't done by default.
(Upstream commits c1eba5bcb643 "timer: Pass timer_list pointer to callbacks unconditionally" and ad67b74d2469 "printk: hash addresses printed with %p" provide more general mitigations, but don't seem to be suitable for stable.)
Ben.
On Mon, Dec 17, 2018 at 10:01:03PM +0000, Ben Hutchings wrote:
Please pick this commit for 4.14 and older stable branches:
commit 8e7df2b5b7f245c9bd11064712db5cb69044a362 Author: Ingo Molnar mingo@kernel.org Date: Mon Nov 13 07:15:41 2017 +0100
timer/debug: Change /proc/timer_list from 0444 to 0400
In older kernel versions this file makes it far too easy to exploit arbitrary-write bugs. It's possible to hide the pointers from unprivileged users by setting the kernel.kptr_restrict sysctl, but that wasn't done by default.
(Upstream commits c1eba5bcb643 "timer: Pass timer_list pointer to callbacks unconditionally" and ad67b74d2469 "printk: hash addresses printed with %p" provide more general mitigations, but don't seem to be suitable for stable.)
I've queued 8e7df2b5b7f2 for <=4.14, thank you.
-- Thanks, Sasha
linux-stable-mirror@lists.linaro.org
-
Ben Hutchings -
Sasha Levin