lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <498C6613.1030400@redhat.com>
Date:	Fri, 06 Feb 2009 10:32:19 -0600
From:	David Smith <dsmith@...hat.com>
To:	David Howells <dhowells@...hat.com>
CC:	jmorris@...ei.org, linux-kernel@...r.kernel.org, roland@...hat.com,
	fche@...hat.com, oleg@...hat.com,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH] CRED: Fix SUID exec regression

David Howells wrote:
> The patch:
> 
> 	commit a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d
> 	CRED: Make execve() take advantage of copy-on-write credentials
> 
> moved the place in which the 'safeness' of a SUID/SGID exec was performed to
> before de_thread() was called.  This means that LSM_UNSAFE_SHARE is now
> calculated incorrectly.  This flag is set if any of the usage counts for
> fs_struct, files_struct and sighand_struct are greater than 1 at the time the
> determination is made.  All of which are true for threads created by the
> pthread library.
> 
> However, since we wish to make the security calculation before irrevocably
> damaging the process so that we can return it an error code in the case where
> we decide we want to reject the exec request on this basis, we have to make the
> determination before calling de_thread().
> 
> So, instead, we count up the number of threads (CLONE_THREAD) that are sharing
> our fs_struct (CLONE_FS), files_struct (CLONE_FILES) and sighand_structs
> (CLONE_SIGHAND/CLONE_THREAD) with us.  These will be killed by de_thread() and
> so can be discounted by check_unsafe_exec().

...

> Reported-by: David Smith <dsmith@...hat.com>
> Signed-off-by: David Howells <dhowells@...hat.com>

I've tested this patch (applied on top of v2.6.29-rc3-634-g9be260a) and
it applies correctly and fixes the problem.  David, thanks for fixing this.

Acked-by: David Smith <dsmith@...hat.com>

-- 
David Smith
dsmith@...hat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ