Project

General

Profile

Actions

Bug #7696

closed

procfs lacks adequate access checks for CREAT actions

Added by Patrick Mooney almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Category:
kernel
Start date:
2016-12-28
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

We (Joyent) were contacted about procfs failing to perform adequate access checks when the O_CREAT flag is passed to open(2). This was cited as a vector for local privilege escalation. (Nothing outside of a zone, though.) While I had some trouble getting the PoC to work properly, it was clear that the access checks were missing.

Our fix is here

Actions #1

Updated by Electric Monk almost 5 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit fee52838cd1191a3efe83b67de7bccdd401af35e

commit  fee52838cd1191a3efe83b67de7bccdd401af35e
Author: Patrick Mooney <pmooney@pfmooney.com>
Date:   2016-12-29T23:56:00.000Z

    7696 procfs lacks adequate access checks for CREAT actions
    Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
    Reviewed by: Alex Wilson <alex.wilson@joyent.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Approved by: Richard Lowe <richlowe@richlowe.net>

Actions

Also available in: Atom PDF