Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges

From: Pavel Machek <hidden>
Date: 2010-01-01 14:53:11
Also in: lkml

Possibly related (same subject, not in this thread)

2010-01-03 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Peter Dolding <hidden>
2010-01-02 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Peter Dolding <hidden>
2010-01-01 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Casey Schaufler <casey@schaufler-ca.com>
2010-01-01 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Alan Cox <hidden>
2010-01-01 · Re: [RFC][PATCH v3] Unprivileged: Disable raising of privileges · Casey Schaufler <casey@schaufler-ca.com>

quoted

- unprivileged process took action to prevent gaining a capability.
- exec'd suid sendmail.
- sendmail took action as root because it could not become someone else.

Which is a classic bug and replicated historically in cpu time, quota and
other similar "remove rights and then .." attacks.

Yes, so from now on, when we add new "cpu cache misses quota", we
should require prctl(I_SHOULD_NOT_BE_ABLE_TO_LAUNCH_SETUID) for
unpriviledged users, first.


								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help