| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Nov 2017 14:06:52 -0200
From: Marcos Paulo de Souza <marcos.souza.org@...il.com>
To: unlisted-recipients:; (no To-header on input)
Cc: Marcos Paulo de Souza <marcos.souza.org@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...nel.org>, Rik van Riel <riel@...hat.com>,
Michal Hocko <mhocko@...e.com>,
Stephen Rothwell <sfr@...b.auug.org.au>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>,
Hari Bathini <hbathini@...ux.vnet.ibm.com>,
Peter Zijlstra <peterz@...radead.org>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH -next] fork.c: Move check of clone NEWIPC and SYSVSEM to copy_process
Currently this check for CLONE_NEWIPC with CLONE_SYSVSEM is done inside
copy_namespaces, resulting in a handful of error paths being executed if
these flags were used together. So, move this check to the beginning of
copy_process, exiting earlier if the condition is true.
This move is safe because copy_namespaces is called just from
copy_process function.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@...il.com>
---
kernel/fork.c | 11 +++++++++++
kernel/nsproxy.c | 11 -----------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 2113e252cb9d..691f9ba135fc 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1600,6 +1600,17 @@ static __latent_entropy struct task_struct *copy_process(
return ERR_PTR(-EINVAL);
/*
+ * CLONE_NEWIPC must detach from the undolist: after switching
+ * to a new ipc namespace, the semaphore arrays from the old
+ * namespace are unreachable. In clone parlance, CLONE_SYSVSEM
+ * means share undolist with parent, so we must forbid using
+ * it along with CLONE_NEWIPC.
+ */
+ if ((clone_flags & (CLONE_NEWIPC | CLONE_SYSVSEM)) ==
+ (CLONE_NEWIPC | CLONE_SYSVSEM))
+ return ERR_PTR(-EINVAL);
+
+ /*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
*/
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index f6c5d330059a..30882727dff5 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -151,17 +151,6 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk)
if (!ns_capable(user_ns, CAP_SYS_ADMIN))
return -EPERM;
- /*
- * CLONE_NEWIPC must detach from the undolist: after switching
- * to a new ipc namespace, the semaphore arrays from the old
- * namespace are unreachable. In clone parlance, CLONE_SYSVSEM
- * means share undolist with parent, so we must forbid using
- * it along with CLONE_NEWIPC.
- */
- if ((flags & (CLONE_NEWIPC | CLONE_SYSVSEM)) ==
- (CLONE_NEWIPC | CLONE_SYSVSEM))
- return -EINVAL;
-
new_ns = create_new_namespaces(flags, tsk, user_ns, tsk->fs);
if (IS_ERR(new_ns))
return PTR_ERR(new_ns);
--
2.13.6
Powered by blists - more mailing lists