proc: disable mem_write after exec
author Stephen Wilson <wilsons@start.ca>
Sun, 13 Mar 2011 19:49:21 +0000 (15:49 -0400)
committer Al Viro <viro@zeniv.linux.org.uk>
Wed, 23 Mar 2011 20:36:58 +0000 (16:36 -0400)
This change makes mem_write() observe the same constraints as mem_read().  This
is particularly important for mem_write as an accidental leak of the fd across
an exec could result in arbitrary modification of the target process' memory.
IOW, /proc/pid/mem is implicitly close-on-exec.

Signed-off-by: Stephen Wilson <wilsons@start.ca>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/proc/base.c

index e94b58b..9af49a3 100644 (file)
@@ -850,6 +850,10 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
        if (check_mem_permission(task))
                goto out;
 
+       copied = -EIO;
+       if (file->private_data != (void *)((long)current->self_exec_id))
+               goto out;
+
        copied = -ENOMEM;
        page = (char *)__get_free_page(GFP_TEMPORARY);
        if (!page)
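
Review bot: The added test `file->private_data != (void *)((long)current->self_exec_id)` has no comment, and nothing in this hunk shows where private_data is set or what it holds, so the meaning of the check rests entirely on the commit message. A one-line comment above it, saying that a write through an fd that has survived an exec is refused with -EIO, would make the intent readable in place. Since the message says mem_read() observes the same constraint, consider moving the cast-and-compare into a small shared helper so the read and write paths cannot drift apart.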