[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1363784947-24060-3-git-send-email-tal.tchwella@gmail.com>
Date: Wed, 20 Mar 2013 06:09:06 -0700
From: tal.tchwella@...il.com
To: linux-kernel@...r.kernel.org
Cc: tchwella@....edu
Subject: [PATCH 2/3] socket checks for uds fds transfer
From: Tal Tchwella <tchwella@....edu>
This patch checks whether another user is trying to send a chrooted application by
a non-root user a fd to a directory, which will allow it to escape.
By preventing this kind of fd transfer to chrooted applications by non-root users,
certain security risks are mitigated.
Signed-off-by: Tal Tchwella <tchwella@....edu>
---
net/core/scm.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/net/core/scm.c b/net/core/scm.c
index ff52ad0..e505528 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -282,6 +282,15 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
i++, cmfptr++)
{
+ /*
+ * Restricts passing of fds via unix domain sockets to non-root
+ * chrooted applications to files and does not allow directories
+ * to be passed.
+ */
+ if (current->user_chroot == CHROOT_USER_MODE) {
+ if (S_ISDIR(fp[i]->f_dentry->d_inode->i_mode))
+ continue;
+ }
int new_fd;
err = security_file_receive(fp[i]);
if (err)
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists