| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Jan 2017 13:06:50 -0800
From: Andy Lutomirski <luto@...nel.org>
To: security@...nel.org
Cc: Konstantin Khlebnikov <koct9i@...il.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Kees Cook <keescook@...omium.org>, Willy Tarreau <w@....eu>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
Andrew Morton <akpm@...ux-foundation.org>,
yalin wang <yalin.wang2010@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jan Kara <jack@...e.cz>,
Linux FS Devel <linux-fsdevel@...r.kernel.org>,
Andy Lutomirski <luto@...nel.org>
Subject: [PATCH 0/2] setgid hardening
The kernel has some dangerous behavior involving the creation and
modification of setgid executables. These issues aren't kernel
security bugs per se, but they have been used to turn various
filesystem permission oddities into reliably privilege escalation
exploits.
See http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/
for a nice writeup.
Let's fix them for real.
Andy Lutomirski (2):
fs: Check f_cred instead of current's creds in should_remove_suid()
fs: Harden against open(..., O_CREAT, 02777) in a setgid directory
fs/inode.c | 37 ++++++++++++++++++++++++++++++-------
fs/internal.h | 2 +-
fs/ocfs2/file.c | 4 ++--
fs/open.c | 2 +-
include/linux/fs.h | 2 +-
5 files changed, 35 insertions(+), 12 deletions(-)
--
2.9.3
Powered by blists - more mailing lists