[PATCH 6.6 123/140] acct: block access to kernel internal filesystems

24 Feb 2025

6.6-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Christian Brauner brauner@kernel.org
commit 890ed45bde808c422c3c27d3285fc45affa0f930 upstream.
There's no point in allowing anything kernel internal nor procfs or
sysfs.
Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com
Link: https://lore.kernel.org/r/20250211-work-acct-v1-2-1c16aecab8b3@kernel.org
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Amir Goldstein amir73il@gmail.com
Reported-by: Zicheng Qu quzicheng@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Christian Brauner brauner@kernel.org
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 kernel/acct.c |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -244,6 +244,20 @@ static int acct_on(struct filename *path
    	return -EACCES;
    }
+	/* Exclude kernel kernel internal filesystems. */
+	if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) {
+		kfree(acct);
+		filp_close(file, NULL);
+		return -EINVAL;
+	}
+
+	/* Exclude procfs and sysfs. */
+	if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
+		kfree(acct);
+		filp_close(file, NULL);
+		return -EINVAL;
+	}
+
    if (!(file->f_mode & FMODE_CAN_WRITE)) {
    	kfree(acct);
    	filp_close(file, NULL);

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 6.6 123/140] acct: block access to kernel internal filesystems