Re: [PATCH v2 0/2] setgid hardening
From: Michael Kerrisk <hidden>
Date: 2017-01-31 03:49:37
Also in:
linux-fsdevel, linux-mm, lkml
[CC += linux-api@] Andy, this is an API change! On Sat, Jan 28, 2017 at 3:49 PM, Andy Lutomirski [off-list ref] wrote:
The kernel has some dangerous behavior involving the creation and modification of setgid executables. These issues aren't kernel security bugs per se, but they have been used to turn various filesystem permission oddities into reliably privilege escalation exploits. See http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ for a nice writeup. Let's fix them for real. Changes from v1: - Fix uninitialized variable issue (Willy, Ben) - Also check current creds in should_remove_suid() (Ben) Andy Lutomirski (2): fs: Check f_cred as well as of current's creds in should_remove_suid() fs: Harden against open(..., O_CREAT, 02777) in a setgid directory fs/inode.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++-------- fs/internal.h | 2 +- fs/ocfs2/file.c | 4 ++-- fs/open.c | 2 +- include/linux/fs.h | 2 +- 5 files changed, 57 insertions(+), 14 deletions(-) -- 2.9.3 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
-- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface", http://blog.man7.org/ -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>