Date: Sat, 10 Mar 2018 03:12:23 +0300 From: Alexey Dobriyan <adobriyan@...il.com> To: akpm@...ux-foundation.org Cc: linux-kernel@...r.kernel.org, eric.dumazet@...il.com, xiyou.wangcong@...il.com, fw@...len.de Subject: [PATCH] proc: reject "." and ".." as filenames Various subsystems can create files and directories in /proc with names directly controlled by userspace. Which means "/", "." and ".." are no-no. "/" split is already taken care of, do the other 2 prohibited names. Signed-off-by: Alexey Dobriyan <adobriyan@...il.com> --- fs/proc/generic.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -366,6 +366,14 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent, WARN(1, "name len %u\n", qstr.len); return NULL; } + if (qstr.len == 1 && fn[0] == '.') { + WARN(1, "name '.'\n"); + return NULL; + } + if (qstr.len == 2 && fn[0] == '.' && fn[1] == '.') { + WARN(1, "name '..'\n"); + return NULL; + } if (*parent == &proc_root && name_to_int(&qstr) != ~0U) { WARN(1, "create '/proc/%s' by hand\n", qstr.name); return NULL;
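Review bot: Both added rejections in __proc_create() use an unconditional WARN(1, ...), and the commit message says these names are directly controlled by userspace, so a caller that forwards a user-supplied "." or ".." produces a full backtrace on every attempt, and a panic where panic_on_warn is set. Consider WARN_ONCE() or a rate-limited pr_warn() for these two cases, so that rejecting the name does not itself become a log-flooding or denial-of-service lever. It would also help to name in the commit message the subsystems that pass user-supplied names, so those callers can validate the name before reaching this function.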