)]}'
{
  "commit": "aa6afca5bcaba8101f3ea09d5c3e4100b2b9f0e5",
  "tree": "d8a6fec9d15cbaf37513a18666f5611aa7cb7a83",
  "parents": [
    "887df07891de0435c25cffb92268fea2c621f99c"
  ],
  "author": {
    "name": "Vasiliy Kulikov",
    "email": "segoon@openwall.com",
    "time": "Wed Nov 02 13:38:44 2011 -0700"
  },
  "committer": {
    "name": "Linus Torvalds",
    "email": "torvalds@linux-foundation.org",
    "time": "Wed Nov 02 16:07:00 2011 -0700"
  },
  "message": "proc: fix races against execve() of /proc/PID/fd**\n\nfd* files are restricted to the task\u0027s owner, and other users may not get\ndirect access to them.  But one may open any of these files and run any\nsetuid program, keeping opened file descriptors.  As there are permission\nchecks on open(), but not on readdir() and read(), operations on the kept\nfile descriptors will not be checked.  It makes it possible to violate\nprocfs permission model.\n\nReading fdinfo/* may disclose current fds\u0027 position and flags, reading\ndirectory contents of fdinfo/ and fd/ may disclose the number of opened\nfiles by the target task.  This information is not sensitive per se, but it\ncan reveal some private information (like length of a password stored in a\nfile) under certain conditions.\n\nUsed existing (un)lock_trace functions to check for ptrace_may_access(),\nbut instead of using EPERM return code from it use EACCES to be consistent\nwith existing proc_pid_follow_link()/proc_pid_readlink() return code.  If\nthey differ, attacker can guess what fds exist by analyzing stat() return\ncode.  Patched handlers: stat() for fd/*, stat() and read() for fdinfo/*,\nreaddir() and lookup() for fd/ and fdinfo/.\n\nSigned-off-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nCc: Cyrill Gorcunov \u003cgorcunov@gmail.com\u003e\nCc: \u003cstable@kernel.org\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "8f0087e20e168ee04e6b14e7ef05a68f13e4b58e",
      "old_mode": 33188,
      "old_path": "fs/proc/base.c",
      "new_id": "d4f4913f00db62ce8f52524cf599ad48b15c0eff",
      "new_mode": 33188,
      "new_path": "fs/proc/base.c"
    }
  ]
}
