procfs lacks adequate access checks for CREAT actions
We (Joyent) were contacted about procfs failing to perform adequate access checks when the O_CREAT flag is passed to open(2). This was cited as a vector for local privilege escalation. (Nothing outside of a zone, though.) While I had some trouble getting the PoC to work properly, it was clear that the access checks were missing.
Our fix is here
Updated by Electric Monk almost 5 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
commit fee52838cd1191a3efe83b67de7bccdd401af35e Author: Patrick Mooney <email@example.com> Date: 2016-12-29T23:56:00.000Z 7696 procfs lacks adequate access checks for CREAT actions Reviewed by: Jerry Jelinek <firstname.lastname@example.org> Reviewed by: Alex Wilson <email@example.com> Reviewed by: Dan McDonald <firstname.lastname@example.org> Approved by: Richard Lowe <email@example.com>