| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Mar 2013 05:53:44 -0700
From: Tal Tchwella <tal.tchwella@...il.com>
To: linux-kernel@...r.kernel.org
Cc: tchwella@....edu
Subject: [PATCH 2/3] socket checks for uds fds transfer
This patch checks whether another user is trying to send a chrooted application by
a non-root user a fd to a directory, which will allow it to escape.
By preventing this kind of fd transfer to chrooted applications by non-root users,
certain security risks are mitigated.
Signed-off-by: Tal Tchwella <tchwella@....edu>
---
net/core/scm.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/net/core/scm.c b/net/core/scm.c
index ff52ad0..e505528 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -282,6 +282,15 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
i++, cmfptr++)
{
+ /*
+ * Restricts passing of fds via unix domain sockets to non-root
+ * chrooted applications to files and does not allow directories
+ * to be passed.
+ */
+ if (current->user_chroot == CHROOT_USER_MODE) {
+ if (S_ISDIR(fp[i]->f_dentry->d_inode->i_mode))
+ continue;
+ }
int new_fd;
err = security_file_receive(fp[i]);
if (err)
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists