proc: prevent changes to overridden credentials
commit 35a196bef449b5824033865b963ed9a43fb8c730 upstream. Prevent userspace from changing the the /proc/PID/attr values if the task's credentials are currently overriden. This not only makes sense conceptually, it also prevents some really bizarre error cases caused when trying to commit credentials to a task with overridden credentials. Cc: <stable@vger.kernel.org> Reported-by: N"chengjian (D)" <cj.chengjian@huawei.com> Signed-off-by: NPaul Moore <paul@paul-moore.com> Acked-by: NJohn Johansen <john.johansen@canonical.com> Acked-by: NJames Morris <james.morris@microsoft.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing
想要评论请 注册 或 登录