Open Source and information security mailing list archives
Date: Sun, 26 Nov 2017 14:06:52 -0200 From: Marcos Paulo de Souza <marcos.souza.org@...il.com> To: unlisted-recipients:; (no To-header on input) Cc: Marcos Paulo de Souza <marcos.souza.org@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Ingo Molnar <mingo@...nel.org>, Rik van Riel <riel@...hat.com>, Michal Hocko <mhocko@...e.com>, Stephen Rothwell <sfr@...b.auug.org.au>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Jiri Olsa <jolsa@...nel.org>, Hari Bathini <hbathini@...ux.vnet.ibm.com>, Peter Zijlstra <peterz@...radead.org>, Arnaldo Carvalho de Melo <acme@...hat.com>, linux-kernel@...r.kernel.org Subject: [PATCH -next] fork.c: Move check of clone NEWIPC and SYSVSEM to copy_process Currently this check for CLONE_NEWIPC with CLONE_SYSVSEM is done inside copy_namespaces, resulting in a handful of error paths being executed if these flags were used together. So, move this check to the beginning of copy_process, exiting earlier if the condition is true. This move is safe because copy_namespaces is called just from copy_process function. Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@...il.com> --- kernel/fork.c | 11 +++++++++++ kernel/nsproxy.c | 11 ----------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 2113e252cb9d..691f9ba135fc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c 
@@ -1600,6 +1600,17 @@ static __latent_entropy struct task_struct *copy_process( return ERR_PTR(-EINVAL); /* + * CLONE_NEWIPC must detach from the undolist: after switching + * to a new ipc namespace, the semaphore arrays from the old + * namespace are unreachable. In clone parlance, CLONE_SYSVSEM + * means share undolist with parent, so we must forbid using + * it along with CLONE_NEWIPC. + */ + if ((clone_flags & (CLONE_NEWIPC | CLONE_SYSVSEM)) == + (CLONE_NEWIPC | CLONE_SYSVSEM)) + return ERR_PTR(-EINVAL); + + /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. */ diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index f6c5d330059a..30882727dff5 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c @@ -151,17 +151,6 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) if (!ns_capable(user_ns, CAP_SYS_ADMIN)) return -EPERM; - /* - * CLONE_NEWIPC must detach from the undolist: after switching - * to a new ipc namespace, the semaphore arrays from the old - * namespace are unreachable. In clone parlance, CLONE_SYSVSEM - * means share undolist with parent, so we must forbid using - * it along with CLONE_NEWIPC. - */ - if ((flags & (CLONE_NEWIPC | CLONE_SYSVSEM)) == - (CLONE_NEWIPC | CLONE_SYSVSEM)) - return -EINVAL; - new_ns = create_new_namespaces(flags, tsk, user_ns, tsk->fs); if (IS_ERR(new_ns)) return PTR_ERR(new_ns); -- 2.13.6
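Review bot: moving this test ahead of copy_namespaces changes the error an unprivileged caller sees for CLONE_NEWIPC | CLONE_SYSVSEM. In the nsproxy.c hunk the removed check sat after `if (!ns_capable(user_ns, CAP_SYS_ADMIN)) return -EPERM;`, so such a caller previously got -EPERM, whereas at the new position in copy_process it gets -EINVAL before any capability check is reached. Rejecting an invalid flag combination regardless of privilege is defensible and matches the other early flag validation at this point (the `return ERR_PTR(-EINVAL);` context line just above), but it is a user-visible change in the returned errno and the commit message should say so explicitly.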
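Review bot: with the test removed from the nsproxy.c hunk, copy_namespaces now silently assumes that the CLONE_NEWIPC | CLONE_SYSVSEM combination has already been rejected by its caller, and nothing in the function records that assumption. Since the commit message justifies the move by copy_namespaces having copy_process as its only caller, a one-line comment at the removal point, e.g. `/* CLONE_NEWIPC | CLONE_SYSVSEM is rejected in copy_process() */`, would keep the invariant visible to anyone who adds a second caller later.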