Commit 2e0ad552 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by Linus Torvalds
Browse files

proc: revalidate kernel thread inodes to root:root

task_dump_owner() has the following code:

	mm = task->mm;
	if (mm) {
		if (get_dumpable(mm) != SUID_DUMP_USER) {
			uid = ...

Check for ->mm is buggy -- kernel thread might be borrowing mm
and inode will go to some random uid:gid pair.


Signed-off-by: default avatarAlexey Dobriyan <>
Cc: "Eric W. Biederman" <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent 1e630665
......@@ -1693,6 +1693,12 @@ void task_dump_owner(struct task_struct *task, umode_t mode,
kuid_t uid;
kgid_t gid;
if (unlikely(task->flags & PF_KTHREAD)) {
/* Default to the tasks effective ownership */
cred = __task_cred(task);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment