cgroup: Use open-time credentials for process migraton perm checks

[linux-2.6-microblaze.git] / kernel / cgroup / cgroup-v1.c

diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 81c9e06..0e73691 100644 (file)
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -504,10 +504,11 @@ static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of,
                goto out_unlock;
 
        /*
-        * Even if we're attaching all tasks in the thread group, we only
-        * need to check permissions on one of them.
+        * Even if we're attaching all tasks in the thread group, we only need
+        * to check permissions on one of them. Check permissions using the
+        * credentials from file open to protect against inherited fd attacks.
         */
-       cred = current_cred();
+       cred = of->file->f_cred;
        tcred = get_task_cred(task);
        if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
            !uid_eq(cred->euid, tcred->uid) &&