lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 26 Nov 2017 14:06:52 -0200
From:   Marcos Paulo de Souza <marcos.souza.org@...il.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     Marcos Paulo de Souza <marcos.souza.org@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>, Rik van Riel <riel@...hat.com>,
        Michal Hocko <mhocko@...e.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Hari Bathini <hbathini@...ux.vnet.ibm.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Arnaldo Carvalho de Melo <acme@...hat.com>,
        linux-kernel@...r.kernel.org
Subject: [PATCH -next] fork.c: Move check of clone NEWIPC and SYSVSEM to copy_process

Currently this check for CLONE_NEWIPC with CLONE_SYSVSEM is done inside
copy_namespaces, resulting in a handful of error paths being executed if
these flags were used together. So, move this check to the beginning of
copy_process, exiting earlier if the condition is true.

This move is safe because copy_namespaces is called just from
copy_process function.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@...il.com>
---
 kernel/fork.c    | 11 +++++++++++
 kernel/nsproxy.c | 11 -----------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index 2113e252cb9d..691f9ba135fc 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1600,6 +1600,17 @@ static __latent_entropy struct task_struct *copy_process(
 		return ERR_PTR(-EINVAL);
 
 	/*
+	 * CLONE_NEWIPC must detach from the undolist: after switching
+	 * to a new ipc namespace, the semaphore arrays from the old
+	 * namespace are unreachable.  In clone parlance, CLONE_SYSVSEM
+	 * means share undolist with parent, so we must forbid using
+	 * it along with CLONE_NEWIPC.
+	 */
+	if ((clone_flags & (CLONE_NEWIPC | CLONE_SYSVSEM)) ==
+		(CLONE_NEWIPC | CLONE_SYSVSEM))
+		return ERR_PTR(-EINVAL);
+
+	/*
 	 * Thread groups must share signals as well, and detached threads
 	 * can only be started up within the thread group.
 	 */
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index f6c5d330059a..30882727dff5 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -151,17 +151,6 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk)
 	if (!ns_capable(user_ns, CAP_SYS_ADMIN))
 		return -EPERM;
 
-	/*
-	 * CLONE_NEWIPC must detach from the undolist: after switching
-	 * to a new ipc namespace, the semaphore arrays from the old
-	 * namespace are unreachable.  In clone parlance, CLONE_SYSVSEM
-	 * means share undolist with parent, so we must forbid using
-	 * it along with CLONE_NEWIPC.
-	 */
-	if ((flags & (CLONE_NEWIPC | CLONE_SYSVSEM)) ==
-		(CLONE_NEWIPC | CLONE_SYSVSEM)) 
-		return -EINVAL;
-
 	new_ns = create_new_namespaces(flags, tsk, user_ns, tsk->fs);
 	if (IS_ERR(new_ns))
 		return  PTR_ERR(new_ns);
-- 
2.13.6

Powered by blists - more mailing lists