torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code

acct: block access to kernel internal filesystems

Browse Source 
There's no point in allowing anything kernel internal nor procfs or
sysfs.

Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com
Link: https://lore.kernel.org/r/20250211-work-acct-v1-2-1c16aecab8b3@kernel.org
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reported-by: Zicheng Qu <quzicheng@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
This commit is contained in:
Christian Brauner 2025-02-11 18:16:00 +01:00
parent 56d5f3eba3
commit 890ed45bde
No known key found for this signature in database
GPG Key ID: 91C61BC06578DCA2
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
kernel/acct.c
View File

@ -243,6 +243,20 @@ static int acct_on(struct filename *pathname)
return -EACCES; return -EACCES;
} }
/* Exclude kernel kernel internal filesystems. */
if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) {
kfree(acct);
filp_close(file, NULL);
return -EINVAL;
}
/* Exclude procfs and sysfs. */
if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
kfree(acct);
filp_close(file, NULL);
return -EINVAL;
}
if (!(file->f_mode & FMODE_CAN_WRITE)) { if (!(file->f_mode & FMODE_CAN_WRITE)) {
kfree(acct); kfree(acct);
filp_close(file, NULL); filp_close(file, NULL);