Now that magic-link modes are obeyed for file re-opening purposes, some
of the pre-existing magic-link modes need to be adjusted to be more
semantically correct.

The most blatant example of this is /proc/self/exe, which had a mode of
a+rwx even though tautologically the file could never be opened for
writing (because it is the current->mm of a live process).

With the new O_PATH restrictions, changing the default mode of these
magic-links allows us to avoid delayed-access attacks such as we saw in
CVE-2019-5736.

Signed-off-by: Aleksa Sarai <cyp...@cyphar.com>
---
 fs/proc/base.c       | 20 ++++++++++----------
 fs/proc/namespaces.c |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index ebea9501afb8..297242174402 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -133,9 +133,9 @@ struct pid_entry {
 
 #define DIR(NAME, MODE, iops, fops)    \
        NOD(NAME, (S_IFDIR|(MODE)), &iops, &fops, {} )
-#define LNK(NAME, get_link)                                    \
-       NOD(NAME, (S_IFLNK|S_IRWXUGO),                          \
-               &proc_pid_link_inode_operations, NULL,          \
+#define LNK(NAME, MODE, get_link)                      \
+       NOD(NAME, (S_IFLNK|(MODE)),                     \
+               &proc_pid_link_inode_operations, NULL,  \
                { .proc_get_link = get_link } )
 #define REG(NAME, MODE, fops)                          \
        NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {})
@@ -3028,9 +3028,9 @@ static const struct pid_entry tgid_base_stuff[] = {
        REG("numa_maps",  S_IRUGO, proc_pid_numa_maps_operations),
 #endif
        REG("mem",        S_IRUSR|S_IWUSR, proc_mem_operations),
-       LNK("cwd",        proc_cwd_link),
-       LNK("root",       proc_root_link),
-       LNK("exe",        proc_exe_link),
+       LNK("cwd",        S_IRWXUGO, proc_cwd_link),
+       LNK("root",       S_IRWXUGO, proc_root_link),
+       LNK("exe",        S_IRUGO|S_IXUGO, proc_exe_link),
        REG("mounts",     S_IRUGO, proc_mounts_operations),
        REG("mountinfo",  S_IRUGO, proc_mountinfo_operations),
        REG("mountstats", S_IRUSR, proc_mountstats_operations),
@@ -3429,11 +3429,11 @@ static const struct pid_entry tid_base_stuff[] = {
        REG("numa_maps", S_IRUGO, proc_pid_numa_maps_operations),
 #endif
        REG("mem",       S_IRUSR|S_IWUSR, proc_mem_operations),
-       LNK("cwd",       proc_cwd_link),
-       LNK("root",      proc_root_link),
-       LNK("exe",       proc_exe_link),
+       LNK("cwd",       S_IRWXUGO, proc_cwd_link),
+       LNK("root",      S_IRWXUGO, proc_root_link),
+       LNK("exe",       S_IRUGO|S_IXUGO, proc_exe_link),
        REG("mounts",    S_IRUGO, proc_mounts_operations),
-       REG("mountinfo",  S_IRUGO, proc_mountinfo_operations),
+       REG("mountinfo", S_IRUGO, proc_mountinfo_operations),
 #ifdef CONFIG_PROC_PAGE_MONITOR
        REG("clear_refs", S_IWUSR, proc_clear_refs_operations),
        REG("smaps",     S_IRUGO, proc_pid_smaps_operations),
diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
index dd2b35f78b09..cd1e130913f7 100644
--- a/fs/proc/namespaces.c
+++ b/fs/proc/namespaces.c
@@ -94,7 +94,7 @@ static struct dentry *proc_ns_instantiate(struct dentry 
*dentry,
        struct inode *inode;
        struct proc_inode *ei;
 
-       inode = proc_pid_make_inode(dentry->d_sb, task, S_IFLNK | S_IRWXUGO);
+       inode = proc_pid_make_inode(dentry->d_sb, task, S_IFLNK | S_IRUGO);
        if (!inode)
                return ERR_PTR(-ENOENT);
 
-- 
2.23.0

Reply via email to