lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 7 Nov 2010 09:04:22 +0100 From: Michael Kerrisk <mtk.manpages@...il.com> To: Neil Horman <nhorman@...driver.com>, Jiri Slaby <jslaby@...ell.com> Cc: marcin.slusarz@...il.com, tglx@...utronix.de, mingo@...hat.com, hpa@...or.com, lkml <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Heiko Carstens <heiko.carstens@...ibm.com>, Michael Kerrisk <mtk.manpages@...glemail.com>, Linux API <linux-api@...r.kernel.org> Subject: Inconsistent credential checking in prlimit() syscall Hello Neil, Jiri, I started documenting the prlimit() system call added in 2.6.36, and found the permission checks to be rather inconsistent with any other kernel-userspace API. They are: CAP_SYS_RESOURCE || (c-uid == t-uid && c0uid == t-euid && c-uid == t-suid) && (c-gid == t-gid && c-gid == t-guid && c-gid == t-sgid) (uid == real UID; euid == effective UID; suid == save set-user-ID; and analogously for GIDs; c- == caller's ID, and t- == target process's ID) In other words, for an unprivileged user, all UIDs of the target process must match the calling process's real UID *and* all GIDs of the target process must match the calling process's real GID. What is the reason that the checks for prlimit() aren't similar to say setpriority(), whose checks are the much simpler, and make no mention of GIDs: c-euid == t-uid || c-euid == t-euid ? Thanks, Michael PS see also http://linux-man-pages.blogspot.com/2010/11/system-call-credential-checking-tale-of.html -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists