    fix infoleak in waitid(2) · 6c85501f
    Al Viro authored
    kernel_waitid() can return a PID, an error or 0.  rusage is filled in the first
    case and waitid(2) rusage should've been copied out exactly in that case, *not*
    whenever kernel_waitid() has not returned an error.  Compat variant shares that
    braino; none of kernel_wait4() callers do, so the below ought to fix it.
    Reported-and-tested-by: Alexander Potapenko <glider@google.com>
    Fixes: ce72a16f ("wait4(2)/waitid(2): separate copying rusage to userland")
    Cc: stable@vger.kernel.org # v4.13
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
exit.c 44.1 KB
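The three-way return contract in the commit message (PID, error, or 0), as an added user-space model that is not the kernel's code and not part of this commit. All names (`model_rusage`, `model_kernel_waitid`, `waitid_before`, `waitid_after`, `STALE`) are hypothetical, and the `0xAA` fill is a constructed stand-in for whatever an uninitialized local would hold.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover stack bytes */
struct model_rusage { unsigned char bytes[32]; }; /* hypothetical stand-in */

/* Contract from the commit message: PID (>0) fills *ru; 0 or error does not. */
static long model_kernel_waitid(long outcome, struct model_rusage *ru)
{
    if (outcome > 0)
        memset(ru->bytes, 0x01, sizeof(ru->bytes)); /* "real" accounting data */
    return outcome;
}

/* Pre-fix pattern: copy out whenever no error was returned. */
static long waitid_before(long outcome, struct model_rusage *user_ru)
{
    struct model_rusage r;
    memset(&r, STALE, sizeof(r)); /* simulate an uninitialized local */
    long err = model_kernel_waitid(outcome, &r);
    if (err < 0) return err;
    memcpy(user_ru, &r, sizeof(r)); /* also runs when err == 0 */
    return 0;
}

/* Post-fix pattern: copy out only in the PID case. */
static long waitid_after(long outcome, struct model_rusage *user_ru)
{
    struct model_rusage r;
    memset(&r, STALE, sizeof(r));
    long err = model_kernel_waitid(outcome, &r);
    if (err <= 0) return err;
    memcpy(user_ru, &r, sizeof(r));
    return 0;
}

/* Returns 1 if the caller's buffer received any stale byte. */
static int leaked(const struct model_rusage *u)
{
    return memchr(u->bytes, STALE, sizeof(u->bytes)) != NULL;
}

int main(void)
{
    struct model_rusage a = {{0}}, b = {{0}};
    waitid_before(0, &a); waitid_after(0, &b);
    printf("outcome 0: before leaked=%d, after leaked=%d\n", leaked(&a), leaked(&b));
    return 0;
}
```

Both variants behave identically for the PID and error outcomes; they differ only when the helper returns 0.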