193921 – /proc/timer_list leaks the real pids of the associated processes

Bug 193921 - /proc/timer_list leaks the real pids of the associated processes

Summary: /proc/timer_list leaks the real pids of the associated processes

Status:	NEW

Alias:	None

Product:	Timers
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	john stultz

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-02-03 21:46 UTC by Xing Gao
Modified:	2017-02-03 21:51 UTC (History)
CC List:	0 users

See Also:
Kernel Version:	4.9
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Xing Gao 2017-02-03 21:46:15 UTC

The pseudo file /proc/timer_list leaks the real pids of the associated processes. 

The function print_timer(kernel/time/timer_list.c) displays timer->start_pid, which is set inside the function __timer_stats_timer_set_start_info (kernel/time/timer.c). This is the real pid, rather than the pid in the pid namespace. If the user within a container retrieves the content of /proc/timer_list, this file will leak the real pid of the associated process. 

Docker has blocked the read access to /proc/timer_list. But there should be a kernel fix to address this information leakage.

Comment 1 john stultz 2017-02-03 21:51:34 UTC

Please send this to lkml and add Thomas Gleixner <tglx@linutronix.de> and Kees Cook <keescook@google.com> to the cc.

Note You need to log in before you can comment on or make changes to this bug.