A patch similar to commit 197e7e521384("Sanitize 'move_pages()' permission
checks").
The set_task_ioprio function is responsible for setting the IO priority of a
specified process. The current implementation only checks if the target
process's uid matches the calling process's euid/uid, or if the caller has the
CAP_SYS_NICE capability. This permission check is too permissive and allows a
user to modify the IO priority of other processes with the same uid, including
privileged or system processes.
Local users can affect the IO scheduling of other processes with the same
uid, including suid binaries and system services, potentially causing denial
of service (DoS) or performance degradation.
So change the access checks to the more common 'ptrace_may_access()'
model instead.
Signed-off-by: Chen Yufeng <chenyufeng@xxxxxxxxx>
---
block/blk-ioc.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/block/blk-ioc.c b/block/blk-ioc.c
index 9fda3906e5f5..bd3e556809c5 100644
--- a/block/blk-ioc.c
+++ b/block/blk-ioc.c
@@ -244,12 +244,9 @@ static struct io_context *alloc_io_context(gfp_t gfp_flags, int node)
int set_task_ioprio(struct task_struct *task, int ioprio)
{
int err;
- const struct cred *cred = current_cred(), *tcred;
rcu_read_lock();
- tcred = __task_cred(task);
- if (!uid_eq(tcred->uid, cred->euid) &&
- !uid_eq(tcred->uid, cred->uid) && !capable(CAP_SYS_NICE)) {
+ if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
rcu_read_unlock();
return -EPERM;
}
--
2.34.1
