From: Chris Wright <chrisw@osdl.org>

Fix for CAN-2003-0461: /proc/tty/driver/serial in Linux 2.4.x reveals the
exact number of characters used in serial links, which could allow local
users to obtain potentially sensitive information such as the length of
passwords.



 25-akpm/fs/proc/generic.c       |   12 +++++++++---
 25-akpm/fs/proc/proc_tty.c      |    8 +++++++-
 25-akpm/include/linux/proc_fs.h |    2 ++
 3 files changed, 18 insertions(+), 4 deletions(-)

diff -puN fs/proc/generic.c~proc-tty-driver-permission-fix fs/proc/generic.c
--- 25/fs/proc/generic.c~proc-tty-driver-permission-fix	Sat Dec 20 21:10:53 2003
+++ 25-akpm/fs/proc/generic.c	Sat Dec 20 21:10:53 2003
@@ -567,12 +567,12 @@ struct proc_dir_entry *proc_symlink(cons
 	return ent;
 }
 
-struct proc_dir_entry *proc_mkdir(const char *name, struct proc_dir_entry *parent)
+struct proc_dir_entry *proc_mkdir_mode(const char *name, mode_t mode,
+		struct proc_dir_entry *parent)
 {
 	struct proc_dir_entry *ent;
 
-	ent = proc_create(&parent,name,
-			  (S_IFDIR | S_IRUGO | S_IXUGO),2);
+	ent = proc_create(&parent, name, S_IFDIR | mode, 2);
 	if (ent) {
 		ent->proc_fops = &proc_dir_operations;
 		ent->proc_iops = &proc_dir_inode_operations;
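Review bot: `proc_mkdir_mode()` ORs the caller's `mode` directly into `S_IFDIR` at the `proc_create()` call, so stray file-type bits in the argument would be combined with the directory type unless `proc_create()` sanitises them, which is not visible here. Masking to permission bits keeps the entry a directory whatever is passed: `ent = proc_create(&parent, name, S_IFDIR | (mode & S_IALLUGO), 2);`. Because this function is now the access-control knob for procfs directories, it also deserves a short header comment such as `/* mode: permission bits only; S_IFDIR is added here */`. The function body continues past the end of this hunk.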
@@ -585,6 +585,12 @@ struct proc_dir_entry *proc_mkdir(const 
 	return ent;
 }
 
+struct proc_dir_entry *proc_mkdir(const char *name,
+		struct proc_dir_entry *parent)
+{
+	return proc_mkdir_mode(name, S_IRUGO | S_IXUGO, parent);
+}
+
 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
 					 struct proc_dir_entry *parent)
 {
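Review bot: The `proc_mkdir()` wrapper keeps the old world-readable, world-searchable default (`S_IRUGO | S_IXUGO`), and nothing at the definition says so. A one-line comment above it, for example `/* Default 0555 directory; use proc_mkdir_mode() when entries below expose per-user or timing data. */`, would point future callers at the restricted variant. If `proc_mkdir` is exported to modules elsewhere in the tree (not visible in this patch), `proc_mkdir_mode` probably needs a matching export so that modular drivers can use it too.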
diff -puN fs/proc/proc_tty.c~proc-tty-driver-permission-fix fs/proc/proc_tty.c
--- 25/fs/proc/proc_tty.c~proc-tty-driver-permission-fix	Sat Dec 20 21:10:53 2003
+++ 25-akpm/fs/proc/proc_tty.c	Sat Dec 20 21:10:53 2003
@@ -229,7 +229,13 @@ void __init proc_tty_init(void)
 	if (!proc_mkdir("tty", 0))
 		return;
 	proc_tty_ldisc = proc_mkdir("tty/ldisc", 0);
-	proc_tty_driver = proc_mkdir("tty/driver", 0);
+	/*
+	 * /proc/tty/driver/serial reveals the exact character counts for
+	 * serial links which is just too easy to abuse for inferring
+	 * password lengths and inter-keystroke timings during password
+	 * entry.
+	 */
+	proc_tty_driver = proc_mkdir_mode("tty/driver", S_IRUSR | S_IXUSR, 0);
 
 	create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
 	entry = create_proc_entry("tty/drivers", 0, NULL);
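Review bot: The restriction is applied to the `tty/driver` directory only, so the per-driver files below it keep whatever mode they are created with (that code is outside this patch). They are protected solely by the directory's search permission. This also hides every driver's entry from unprivileged users, not just `serial`, which the comment does not mention. I would add a line to the comment such as `* Entries below are not individually restricted; the 0500 directory mode is the only guard.` and consider creating the sensitive entries with `S_IRUSR` as well, so that relaxing the directory mode later does not silently re-expose the counters. The body of `proc_tty_init()` starts and ends outside this hunk.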
diff -puN include/linux/proc_fs.h~proc-tty-driver-permission-fix include/linux/proc_fs.h
--- 25/include/linux/proc_fs.h~proc-tty-driver-permission-fix	Sat Dec 20 21:35:55 2003
+++ 25-akpm/include/linux/proc_fs.h	Sat Dec 20 21:36:41 2003
@@ -141,6 +141,8 @@ extern void proc_rtas_init(void);
 extern struct proc_dir_entry *proc_symlink(const char *,
 		struct proc_dir_entry *, const char *);
 extern struct proc_dir_entry *proc_mkdir(const char *,struct proc_dir_entry *);
+extern struct proc_dir_entry *proc_mkdir_mode(const char *name, mode_t mode,
+			struct proc_dir_entry *parent);
 
 static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
 	mode_t mode, struct proc_dir_entry *base, 
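Review bot: Only the `extern` declaration of `proc_mkdir_mode` is added to this header (the diffstat shows two added lines), so any stub section the header has for builds without procfs gets no counterpart. If `proc_mkdir` has a `static inline` stub returning NULL for the `!CONFIG_PROC_FS` case, which is not visible in this hunk, `proc_mkdir_mode` should get the same so that later callers outside `fs/proc` still build. As a minor style point, the new prototype names its parameters while the neighbouring `proc_mkdir` and `proc_symlink` prototypes do not; either form is fine, but the named form is the better one to converge on.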

_