Bug 193921 - /proc/timer_list leaks the real pids of the associated processes
Summary: /proc/timer_list leaks the real pids of the associated processes
Status: NEW
Alias: None
Product: Timers
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assignee: john stultz
Depends on:
Reported: 2017-02-03 21:46 UTC by Xing Gao
Modified: 2017-02-03 21:51 UTC

See Also:
Kernel Version: 4.9
Tree: Mainline
Regression: No


Description Xing Gao 2017-02-03 21:46:15 UTC
The pseudo file /proc/timer_list leaks the real pids of the associated processes. 

The function print_timer (kernel/time/timer_list.c) displays timer->start_pid, which is set inside the function __timer_stats_timer_set_start_info (kernel/time/timer.c). This is the real pid, rather than the pid in the pid namespace. If the user within a container retrieves the content of /proc/timer_list, this file will leak the real pid of the associated process.

Docker has blocked the read access to /proc/timer_list. But there should be a kernel fix to address this information leakage.
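
An audit check for the exposure described in this report, runnable from inside a container: it reads /proc/timer_list and lists the owner pids that do not exist in the caller's own PID namespace. This is an added example, not part of the original report or of the kernel source; the entry layout is assumed from print_timer() with CONFIG_TIMER_STATS enabled, the sample text is constructed, and all function names are hypothetical.

```python
import os
import re

# Entry layout assumed from print_timer() with CONFIG_TIMER_STATS enabled:
#   " #<idx>: <addr>, <function>, S:<state>, <start_site>, <comm>/<pid>"
# comm may itself contain '/', e.g. "swapper/0", so the pid is the last field.
ENTRY = re.compile(
    r"^[ \t]*#\d+:[ \t].*,[ \t]*S:[0-9a-fA-F]{2},[ \t]*[^,\n]+,[ \t]*(.+)/(\d+)[ \t]*$",
    re.M,
)

# Constructed sample, not captured from a real system.
SAMPLE = """\
 #0: <ffff88003fc0e8e0>, tick_sched_timer, S:01, hrtimer_start_range_ns, swapper/0/0
 # expires at 5004000000-5004000000 nsecs [in 4000000 to 4000000 nsecs]
 #1: <ffff880036a1bd40>, hrtimer_wakeup, S:01, hrtimer_start_range_ns, dockerd/1432
 #2: <ffff880036b2fd40>, hrtimer_wakeup, S:01, hrtimer_start_range_ns, sh/7
"""

def parse_timer_owners(text):
    """Return the set of (comm, pid) pairs printed on timer entry lines."""
    return {(comm, int(pid)) for comm, pid in ENTRY.findall(text)}

def visible_pids(proc="/proc"):
    """PIDs that exist in the caller's own PID namespace."""
    return {int(d) for d in os.listdir(proc) if d.isdigit()}

def foreign_pids(text, local_pids):
    """Owners whose pid is absent locally. Heuristic: an exited local task or a
    numeric collision with an outside pid is not distinguished."""
    return sorted((pid, comm) for comm, pid in parse_timer_owners(text)
                  if pid != 0 and pid not in local_pids)

def audit(path="/proc/timer_list"):
    try:
        with open(path, errors="replace") as f:
            text = f.read()
    except OSError:
        return "unreadable", []          # read access is blocked
    if not text.strip():
        return "empty", []               # nothing exposed (a runtime may mask the file)
    if not parse_timer_owners(text):
        return "no-pid-column", []       # entries carry no comm/pid field
    return "pids-exposed", foreign_pids(text, visible_pids())

if __name__ == "__main__":
    print(audit())
```

A result of "pids-exposed" with a non-empty list means the container can see pids from outside its namespace through this file.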

Comment 1 john stultz 2017-02-03 21:51:34 UTC
Please send this to lkml and add Thomas Gleixner <tglx@linutronix.de> and Kees Cook <keescook@google.com> to the cc.
