The mount08 test of LTP's latest stable expects that we cannot mount in /proc/<pid>/fd/<nr>. The commits responsible are present in vz10 but missing from vz9, meaning that we could leak mounts for long-running processes. This in turn means that it's possible to make a task leak mounts without its knowledge if the attacker just keeps overmounting things under /proc/<pid>/fd/<nr>.
Similar things can be said about entries under fdinfo/ and map_files/ so those are restricted as well.

Christian Brauner (6):
  proc: proc_readfd() -> proc_fd_iterate()
  proc: proc_readfdinfo() -> proc_fdinfo_iterate()
  proc: add proc_splice_unmountable()
  proc: block mounting on top of /proc/<pid>/map_files/*
  proc: block mounting on top of /proc/<pid>/fd/*
  proc: block mounting on top of /proc/<pid>/fdinfo/*

 fs/proc/base.c     |  4 ++--
 fs/proc/fd.c       | 16 ++++++++--------
 fs/proc/internal.h | 13 +++++++++++++
 3 files changed, 23 insertions(+), 10 deletions(-)

--
2.43.0
