| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4D435123.3080003@suse.cz> Date: Sat, 29 Jan 2011 00:28:35 +0100 From: Jiri Slaby <jslaby@...e.cz> To: Kacper Kornet <kornet@...k.edu.pl> CC: Linus Torvalds <torvalds@...ux-foundation.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] Fix prlimit64 for suid/sgid processes On 01/29/2011 12:21 AM, Kacper Kornet wrote: > Since check_prlimit_permission always fails in the case of SUID/GUID > processes, such processes are not able to read or set their own limits. > This commit changes this by assuming that process can always read/change > its own limits. > > Signed-off-by: Kacper Kornet <kornet@...k.edu.pl> ACK. The check comes from the ptrace code. I forgot to copy this test. > --- > kernel/sys.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/kernel/sys.c b/kernel/sys.c > index e9ad444..03bead7 100644 > --- a/kernel/sys.c > +++ b/kernel/sys.c > @@ -1375,7 +1375,8 @@ static int check_prlimit_permission(struct task_struct *task) > const struct cred *cred = current_cred(), *tcred; > > tcred = __task_cred(task); > - if ((cred->uid != tcred->euid || > + if (current != task && > + (cred->uid != tcred->euid || > cred->uid != tcred->suid || > cred->uid != tcred->uid || > cred->gid != tcred->egid || thanks, -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists