lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <452D3ED9.509@hq.idt.net>
Date:	Wed, 11 Oct 2006 14:58:33 -0400
From:	Serge Aleynikov <serge@...idt.net>
To:	linux-kernel@...r.kernel.org
CC:	Linus Torvalds <torvalds@...l.org>, Alan Cox <alan@...hat.com>
Subject: non-critical security bug fix

To Maintainers of the linux/security/commoncap.c:

Patch description:
==================
This bug-fix ensures that if a process with root access sets 
keep_capabilities flag, current capabilities get preserved when the 
process switches from root to another effective user.  It looks like 
this was intended from the way capabilities are documented, but the 
current->keep_capabilities flag is not being checked.

Regards,

Serge

----------------------------[ Begin patch ]---------------------------

--- linux/security/commoncap.c.orig  2005-10-29 16:00:58.656572231 -0400
+++ linux/security/commoncap.c       2005-10-29 16:04:45.093411424 -0400
@@ -217,6 +217,10 @@
   * Keeping uid 0 is not an option because uid 0 owns too many vital
   * files..
   * Thanks to Olaf Kirch and Peter Benie for spotting this.
+ *
+ * Serge Aleynikov <serge@...idt.net> IDT Corp, Oct 2005
+ * Control the case (old_euid==0 && current->euid!=0) via
+ * current->keep_capabilities as well.
   */
  static inline void cap_emulate_setxuid (int old_ruid, int old_euid,
  					int old_suid)
@@ -227,7 +231,8 @@
  		cap_clear (current->cap_permitted);
  		cap_clear (current->cap_effective);
  	}
-	if (old_euid == 0 && current->euid != 0) {
+	if (old_euid == 0 && current->euid != 0 &&
+           !current->keep_capabilities) {
  		cap_clear (current->cap_effective);
  	}
  	if (old_euid != 0 && current->euid == 0) {

----------------------------[ End patch ]---------------------------



----------------------------[ Begin test ]--------------------------
Change the EFFECTIVE_UID value, compile and run the following as root.
This test tries to set the capability cap_net_raw, then switch from root
to an effective user, and open a raw socket being not a root.

#include <sys/socket.h>
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <linux/if_ether.h>
#include <netinet/in.h>
#include <unistd.h>
#include <sys/capability.h>
#include <sys/prctl.h>

#define EFFECTIVE_UID 501

int main()
{
	int s1, s2, rc;
	cap_t   caps;
	char    cmd [1024];

	if  (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
	    printf ("\nCould not SET_KEEPCAPS\n");
	printf ("Keeping the Capabilities: %d\n",
		prctl (PR_GET_KEEPCAPS, 0,0,0,0));

	printf ("\nReal UID=%d, Real GID=%d, Eff UID=%d, Eff GID=%d\n",
			getuid(), getgid(), geteuid(), getegid());

	caps =  cap_get_proc ();
	printf ("\nInitial Capabilities: %s\n",
		cap_to_text (caps, NULL));

	sprintf (cmd, "cap_setuid,cap_setgid,cap_net_raw=eip");
	printf  ("\nSetting the Capabilities %s\n",  cmd);
	rc   =  cap_set_proc (cap_from_text     (cmd));
	if (rc != 0)
	   printf ("Failed to set the Capabilities: %s\n",
		strerror(errno));

	caps =  cap_get_proc ();
	printf ("\nPrivileged Capabilities: %s\n",
		cap_to_text(caps, NULL));

	setegid (EFFECTIVE_UID);
	seteuid (EFFECTIVE_UID);

	printf ("\nReal UID=%d, Real GID=%d, Eff UID=%d, Eff GID=%d\n",
			getuid(), getgid(), geteuid(), getegid());

	caps =  cap_get_proc ();
	printf ("\nUnPrivileged Capabilities: %s\n",
		cap_to_text(caps, NULL));

	s1 = socket (PF_INET, SOCK_RAW, IPPROTO_RAW);
	if (s1 < 0)
		printf ("PF_INET error: %s\n", strerror (errno));

	s2 = socket (PF_PACKET, SOCK_RAW,  htonl(ETH_P_IP));
	if (s2 < 0)
		printf ("PF_INET error: %s\n", strerror (errno));

	return 0;
}
----------------------------[ End test ]----------------------------

Regards,

Serge

-- 
Serge Aleynikov
Routing R&D, IDT Telecom
Tel: +1 (973) 438-3436
Fax: +1 (973) 438-1464
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ