From patchwork Tue Oct  4 13:22:39 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
 natty/ti-omap4, oneiric, oneiric/ti-omap4, CVE,
 1/1] Make TASKSTATS require root access
Date: Tue, 04 Oct 2011 03:22:39 -0000
From: Andy Whitcroft <apw@canonical.com>
X-Patchwork-Id: 117621
Message-Id: <1317734559-23462-2-git-send-email-apw@canonical.com>
To: kernel-team@lists.ubuntu.com
Cc: Andy Whitcroft <apw@canonical.com>

From: Linus Torvalds <torvalds@linux-foundation.org>

Ok, this isn't optimal, since it means that 'iotop' needs admin
capabilities, and we may have to work on this some more.  But at the
same time it is very much not acceptable to let anybody just read
anybody elses IO statistics quite at this level.

Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
to checking the capabilities by hand.

Reported-by: Vasiliy Kulikov <segoon@openwall.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

(cherry picked from commit 1a51410abe7d0ee4b1d112780f46df87d3621043)
CVE-2011-2494
BugLink: http://bugs.launchpad.net/bugs/866021
Signed-off-by: Andy Whitcroft <apw@canonical.com>

---
kernel/taskstats.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/kernel/taskstats.c b/kernel/taskstats.c
index 99e20d1..c9abf5b 100644
--- a/kernel/taskstats.c
+++ b/kernel/taskstats.c
@@ -583,6 +583,7 @@ static struct genl_ops taskstats_ops = {
 	.cmd		= TASKSTATS_CMD_GET,
 	.doit		= taskstats_user_cmd,
 	.policy		= taskstats_cmd_get_policy,
+	.flags		= GENL_ADMIN_PERM,
 };
 
 static struct genl_ops cgroupstats_ops = {