[stable] timer/debug: Change /proc/timer_list from 0444 to 0400

[stable] timer/debug: Change /proc/timer_list from 0444 to 0400

[Ben Hutchings]

Please pick this commit for 4.14 and older stable branches:

commit 8e7df2b5b7f245c9bd11064712db5cb69044a362
Author: Ingo Molnar <mingo@kernel.org>
Date:   Mon Nov 13 07:15:41 2017 +0100

    timer/debug: Change /proc/timer_list from 0444 to 0400

In older kernel versions this file makes it far too easy to exploit
arbitrary-write bugs.  It's possible to hide the pointers from
unprivileged users by setting the kernel.kptr_restrict sysctl, but that
wasn't done by default.

(Upstream commits c1eba5bcb643 "timer: Pass timer_list pointer to
callbacks unconditionally" and ad67b74d2469 "printk: hash addresses
printed with %p" provide more general mitigations, but don't seem to be
suitable for stable.)

Ben.

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom

Re: [stable] timer/debug: Change /proc/timer_list from 0444 to 0400

[Sasha Levin]

On Mon, Dec 17, 2018 at 10:01:03PM +0000, Ben Hutchings wrote:
>Please pick this commit for 4.14 and older stable branches:
>
>commit 8e7df2b5b7f245c9bd11064712db5cb69044a362
>Author: Ingo Molnar <mingo@kernel.org>
>Date:���Mon Nov 13 07:15:41 2017 +0100
>
>����timer/debug: Change /proc/timer_list from 0444 to 0400
>
>In older kernel versions this file makes it far too easy to exploit
>arbitrary-write bugs.  It's possible to hide the pointers from
>unprivileged users by setting the kernel.kptr_restrict sysctl, but that
>wasn't done by default.
>
>(Upstream commits c1eba5bcb643 "timer: Pass timer_list pointer to
>callbacks unconditionally" and ad67b74d2469 "printk: hash addresses
>printed with %p" provide more general mitigations, but don't seem to be
>suitable for stable.)

I've queued 8e7df2b5b7f2 for <=4.14, thank you.

--
Thanks,
Sasha