Re: [PATCH v2 0/2] setgid hardening
From: Andy Lutomirski <luto@amacapital.net>
Date: 2017-01-31 03:56:04
Also in:
linux-fsdevel, linux-mm, lkml
On Mon, Jan 30, 2017 at 7:49 PM, Michael Kerrisk [off-list ref] wrote:
[CC += linux-api@] Andy, this is an API change!
Indeed. I should be ashamed of myself!
On Sat, Jan 28, 2017 at 3:49 PM, Andy Lutomirski [off-list ref] wrote:quoted
The kernel has some dangerous behavior involving the creation and modification of setgid executables. These issues aren't kernel security bugs per se, but they have been used to turn various filesystem permission oddities into reliably privilege escalation exploits. See http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ for a nice writeup. Let's fix them for real. Changes from v1: - Fix uninitialized variable issue (Willy, Ben) - Also check current creds in should_remove_suid() (Ben) Andy Lutomirski (2): fs: Check f_cred as well as of current's creds in should_remove_suid() fs: Harden against open(..., O_CREAT, 02777) in a setgid directory fs/inode.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++-------- fs/internal.h | 2 +- fs/ocfs2/file.c | 4 ++-- fs/open.c | 2 +- include/linux/fs.h | 2 +- 5 files changed, 57 insertions(+), 14 deletions(-) -- 2.9.3 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>-- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface", http://blog.man7.org/
-- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>