| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 06 Jan 2011 00:47:00 -0800 From: ebiederm@...ssion.com (Eric W. Biederman) To: Amerigo Wang <amwang@...hat.com> Cc: linux-kernel@...r.kernel.org, kexec@...ts.infradead.org Subject: Re: [Patch] kexec_load: check CAP_SYS_MODULE Amerigo Wang <amwang@...hat.com> writes: > Eric pointed out that kexec_load() actually allows you to > run any code you want in ring0, this is more like CAP_SYS_MODULE. Let me get this straight you want to make the permission checks less stringent by allowing either CAP_SYS_MODULE or CAP_SYS_BOOT? CAP_SYS_BOOT is the correct capability. Sure you can run any code but only after rebooting. I don't see how this differs from any other reboot scenario. Eric > Reported-by: Eric Paris <eparis@...hat.com> > Signed-off-by: WANG Cong <amwang@...hat.com> > > --- > diff --git a/kernel/kexec.c b/kernel/kexec.c > index b55045b..c30d613 100644 > --- a/kernel/kexec.c > +++ b/kernel/kexec.c > @@ -945,7 +945,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, > int result; > > /* We only trust the superuser with rebooting the system. */ > - if (!capable(CAP_SYS_BOOT)) > + if (!capable(CAP_SYS_BOOT) || !capable(CAP_SYS_MODULE)) > return -EPERM; > > /* -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists