mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-28 07:13:34 +00:00
Code Issues Releases Wiki Activity
No description
731665 commits 105 branches 5124 tags 5.7 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Tejun Heo a70bcf9ed0 cgroup: Use open-time credentials for process migraton perm checks 
commit 1756d7994a upstream.

cgroup process migration permission checks are performed at write time as
whether a given operation is allowed or not is dependent on the content of
the write - the PID. This currently uses current's credentials which is a
potential security weakness as it may allow scenarios where a less
privileged process tricks a more privileged one into writing into a fd that
it created.

This patch makes both cgroup2 and cgroup1 process migration interfaces to
use the credentials saved at the time of open (file->f_cred) instead of
current's.

Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Fixes: 187fe84067 ("cgroup: require write perm on common ancestor when moving processes on the default hierarchy")
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
[OP: backport to v4.14: apply original __cgroup_procs_write() changes to
cgroup_threads_write() and cgroup_procs_write()]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-20 09:08:30 +02:00
arch arm64: module: remove (NOLOAD) from linker script 2022-04-20 09:08:30 +02:00
block block: bio-integrity: Advance seed correctly for larger interval sizes 2022-02-08 18:16:28 +01:00
certs certs: Trigger creation of RSA module signing key if it's not an RSA key 2021-09-22 11:45:19 +02:00
crypto crypto: authenc - Fix sleep in atomic context in decrypt_tail 2022-04-20 09:08:12 +02:00
Documentation Documentation: update stable tree link 2022-04-20 09:08:09 +02:00
drivers dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" 2022-04-20 09:08:30 +02:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:20:30 +01:00
fs btrfs: fix qgroup reserve overflow the qgroup limit 2022-04-20 09:08:30 +02:00
include mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning 2022-04-20 09:08:30 +02:00
init init/main.c: return 1 from handled __setup() functions 2022-04-20 09:08:28 +02:00
ipc ipc: WARN if trying to remove ipc object which is absent 2021-12-08 08:46:53 +01:00
kernel cgroup: Use open-time credentials for process migraton perm checks 2022-04-20 09:08:30 +02:00
lib lib/test: use after free in register_test_dev_kmod() 2022-04-20 09:08:21 +02:00
mm mm: don't skip swap entry even if zap_details specified 2022-04-20 09:08:30 +02:00
net net: add missing SOF_TIMESTAMPING_OPT_ID support 2022-04-20 09:08:28 +02:00
samples samples/kretprobes: Fix return value if register_kretprobe() failed 2021-11-26 11:40:31 +01:00
scripts Makefile.extrawarn: Move -Wunaligned-access to W=1 2022-02-23 11:57:32 +01:00
security Fix incorrect type in assignment of ipv6 port for audit 2022-04-20 09:08:21 +02:00
sound ASoC: topology: Allow TLV control to be either read or write 2022-04-20 09:08:25 +02:00
tools tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts 2022-04-20 09:08:30 +02:00
usr initramfs: restore default compression behavior 2020-04-13 10:34:19 +02:00
virt KVM: Prevent module exit until all VMs are freed 2022-04-20 09:08:24 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
MAINTAINERS MAINTAINERS: Update drm/i915 bug filing URL 2020-02-28 16:36:12 +01:00
Makefile Linux 4.14.275 2022-04-02 12:41:10 +02:00
README

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.