[PATCH] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
From: amir73il@gmail.com (Amir Goldstein)
Date: 2018-07-03 08:09:22
On Fri, Jun 29, 2018 at 5:53 AM, Serge E. Hallyn [off-list ref] wrote:
> On Fri, Jun 29, 2018 at 09:57:11AM +0800, Eddie.Horng wrote:
>> On Thu, 2018-06-28 at 13:28 -0500, Serge E. Hallyn wrote:
>>> Ah - I just tried his reproducer, and in fact got:
>>>
>>> 0 ? serge at sl ~/test $ getcap execveat
>>> execveat = cap_sys_admin+ep
>>> 0 ? serge at sl ~/test $ ./execveat
>>> execveat: Bad file descriptor
>>>
>>> on ext4, with 4.15.0-22-generic #24~16.04.1-Ubuntu
>>>
>>> Without the filecap, it works.
>>>
>>> -serge
>>
>> The simple reproducer expected /bin/echo exists in the same dir of
>> execveat executable and does not check the return fd of
>> open("echo", ...). I'm not sure if you run into this case, but I tried
>> to run execveat without echo exists, got same result:
>> "execveat: Bad file descriptor".
>
> Hah! Yes, I was in too much of a hurry; I ran it once with ./echo
> existing and no caps, that worked; then I set the caps on execveat
> instead of ./echo, and echo had gotten deleted by the previous test
> causing the failure like you said.
>
> So, the same thing does happen with setuid anyway, so while that seems
> worth addressing one day,

Serge,

I misunderstood the bottom line.
Can the problem be reproduced on local fs with/without caps?
And if so, what is missing from the reproducer script for that?

Thanks,
Amir.