ACK: [hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, natty/ti-omap4, oneiric, oneiric/ti-omap4 CVE 1/1] Make TASKSTATS require root access

[Tim Gardner]

On 10/04/2011 07:22 AM, Andy Whitcroft wrote:
> From: Linus Torvalds<torvalds at linux-foundation.org>
>
> Ok, this isn't optimal, since it means that 'iotop' needs admin
> capabilities, and we may have to work on this some more.  But at the
> same time it is very much not acceptable to let anybody just read
> anybody elses IO statistics quite at this level.
>
> Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
> to checking the capabilities by hand.
>
> Reported-by: Vasiliy Kulikov<segoon at openwall.com>
> Cc: Johannes Berg<johannes.berg at intel.com>
> Acked-by: Balbir Singh<bsingharora at gmail.com>
> Signed-off-by: Linus Torvalds<torvalds at linux-foundation.org>
>
> (cherry picked from commit 1a51410abe7d0ee4b1d112780f46df87d3621043)
> CVE-2011-2494
> BugLink: http://bugs.launchpad.net/bugs/866021
> Signed-off-by: Andy Whitcroft<apw at canonical.com>
> ---
>   kernel/taskstats.c |    1 +
>   1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/taskstats.c b/kernel/taskstats.c
> index 99e20d1..c9abf5b 100644
> --- a/kernel/taskstats.c
> +++ b/kernel/taskstats.c
> @@ -583,6 +583,7 @@ static struct genl_ops taskstats_ops = {
>   	.cmd		= TASKSTATS_CMD_GET,
>   	.doit		= taskstats_user_cmd,
>   	.policy		= taskstats_cmd_get_policy,
> +	.flags		= GENL_ADMIN_PERM,
>   };
>
>   static struct genl_ops cgroupstats_ops = {


-- 
Tim Gardner tim.gardner at canonical.com