blob: 88f17a22cabfab525df0cfade17ba88371982a63 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Description: The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.
References:
https://bugzilla.kernel.org/show_bug.cgi?id=193921
Notes:
bwh> The upstream "fix" for this is to remove the feature, as it is
bwh> redundant with tracing. I don't think that change is
bwh> acceptable for stable branches, other than possibly 4.9. We
bwh> could instead prevent processes outside the initial pid
bwh> namespace from opening the file.
bwh> Although MITRE's description only refers to /proc/timer_list,
bwh> /proc/timer_stats also exposes pids if CONFIG_TIMER_STATS is
bwh> enabled.
Bugs:
upstream: released (4.11-rc1) [dfb4357da6ddbdf57d583ba64361c9d792b0e0b1]
4.19-upstream-stable: N/A "Fixed before branch point"
4.9-upstream-stable: released (4.9.175) [c9257238740ee492574cf686313037be7470e7ec]
3.16-upstream-stable: released (3.16.67) [07efa228ff7bfadaf50f0daa63a228d055f232ce]
3.2-upstream-stable: ignored "EOL"
sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch]
4.9-stretch-security: N/A "Fixed before release"
3.16-jessie-security: released (3.16.64-1) [bugfix/all/timer-debug-change-proc-timer_stats-from-0644-to-0600.patch]
3.2-wheezy-security: ignored "EOL"
|
