From patchwork Tue Oct  4 13:22:39 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andy Whitcroft <apw@canonical.com>
X-Patchwork-Id: 117621
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from chlorine.canonical.com (chlorine.canonical.com
	[91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 447FDB6F75
	for <incoming@patchwork.ozlabs.org>;
	Wed,  5 Oct 2011 00:23:03 +1100 (EST)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
	by chlorine.canonical.com with esmtp (Exim 4.71)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1RB4xR-0005kx-VH; Tue, 04 Oct 2011 13:22:54 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by chlorine.canonical.com with esmtp (Exim 4.71)
	(envelope-from <apw@canonical.com>) id 1RB4xO-0005kG-DZ
	for kernel-team@lists.ubuntu.com; Tue, 04 Oct 2011 13:22:50 +0000
Received: from 212-139-214-120.dynamic.dsl.as9105.com ([212.139.214.120]
	helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa
	(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71)
	(envelope-from <apw@canonical.com>)
	id 1RB4xN-0004lo-T9; Tue, 04 Oct 2011 13:22:50 +0000
From: Andy Whitcroft <apw@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
	natty/ti-omap4, oneiric,
	oneiric/ti-omap4 CVE 1/1] Make TASKSTATS require root access
Date: Tue,  4 Oct 2011 14:22:39 +0100
Message-Id: <1317734559-23462-2-git-send-email-apw@canonical.com>
X-Mailer: git-send-email 1.7.4.1
In-Reply-To: <1317734559-23462-1-git-send-email-apw@canonical.com>
References: <1317734559-23462-1-git-send-email-apw@canonical.com>
Cc: Andy Whitcroft <apw@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Sender: kernel-team-bounces@lists.ubuntu.com
Errors-To: kernel-team-bounces@lists.ubuntu.com

From: Linus Torvalds <torvalds@linux-foundation.org>

Ok, this isn't optimal, since it means that 'iotop' needs admin
capabilities, and we may have to work on this some more.  But at the
same time it is very much not acceptable to let anybody just read
anybody elses IO statistics quite at this level.

Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
to checking the capabilities by hand.

Reported-by: Vasiliy Kulikov <segoon@openwall.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

(cherry picked from commit 1a51410abe7d0ee4b1d112780f46df87d3621043)
CVE-2011-2494
BugLink: http://bugs.launchpad.net/bugs/866021
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 kernel/taskstats.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/kernel/taskstats.c b/kernel/taskstats.c
index 99e20d1..c9abf5b 100644
--- a/kernel/taskstats.c
+++ b/kernel/taskstats.c
@@ -583,6 +583,7 @@ static struct genl_ops taskstats_ops = {
 	.cmd		= TASKSTATS_CMD_GET,
 	.doit		= taskstats_user_cmd,
 	.policy		= taskstats_cmd_get_policy,
+	.flags		= GENL_ADMIN_PERM,
 };
 
 static struct genl_ops cgroupstats_ops = {