diff options
author | Thomas Gleixner <[email protected]> | 2019-09-05 23:15:08 +0200 |
---|---|---|
committer | Thomas Gleixner <[email protected]> | 2019-09-10 12:13:07 +0100 |
commit | 77b4b5420422fc037d00b8f3f0e89b2262e4ae29 (patch) | |
tree | cee7c8992713ec720329fc0d28d832fabc0923d1 /net/unix/unix_bpf.c | |
parent | 00d9e47f8ec2a293db9ebed86aab0583d9a49533 (diff) |
posix-cpu-timers: Fix permission check regression
The recent consolidation of the three permission checks introduced a subtle
regression. For timer_create() with a process wide timer it returns the
current task if the lookup through the PID which is encoded into the
clockid results in returning current.
That's broken because it does not validate whether the current task is the
group leader.
That was caused by the two different variants of permission checks:
- posix_cpu_timer_get() allowed access to the process wide clock when the
looked up task is current. That's not an issue because the process wide
clock is in the shared sighand.
- posix_cpu_timer_create() made sure that the looked up task is the group
leader.
Restore the previous state.
Note, that these permission checks are more than questionable, but that's
subject to follow up changes.
Fixes: 6ae40e3fdcd3 ("posix-cpu-timers: Provide task validation functions")
Signed-off-by: Thomas Gleixner <[email protected]>
Reviewed-by: Frederic Weisbecker <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Diffstat (limited to 'net/unix/unix_bpf.c')
0 files changed, 0 insertions, 0 deletions