lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Jan 2019 19:14:39 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:     Eric Biggers <ebiggers3@...il.com>,
        Al Viro <viro@...iv.linux.org.uk>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        syzbot 
        <bot+e93a80c1bb7c5c56e522461c149f8bf55eab1b2b@...kaller.appspotmail.com>,
        "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: [PATCH] fs: Allow opening only regular files during execve().

On Tue, Dec 12, 2017 at 2:06 PM, Eric Biggers <ebiggers3@...il.com> wrote:
> I'm not sure what the fix will be.  Maybe the proc handlers should take a
> different lock instead of cred_guard_mutex.  Or perhaps execve should check that
> the file is a regular file before it attempts to open it.

We can easily distinguish open() from execve() and open() from others. ;-)

>From a8c559566f743eeec31c3cf5bab7a90b1ff7f78b Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Date: Mon, 21 Jan 2019 13:55:11 +0900
Subject: [PATCH] fs: Allow opening only regular files during execve().

syzbot is hitting lockdep warning [1] due to trying to open a fifo during
an execve() operation. But we don't need to open non regular files during
an execve() operation, for all files which we will need are the executable
file itself, the interpreter program, and libraries like ld-linux.so.2
required by the executable file or the interpreter program.

Since the manpage for execve(2) says that execve() returns EACCES when
the file or a script interpreter is not a regular file, and we set
current->in_execve flag during an execve() operation, let's bail out
when current thread tried to open a non regular file during an execve()
operation.

[1] https://syzkaller.appspot.com/bug?id=b5095bfec44ec84213bac54742a82483aad578ce

Reported-by: syzbot <syzbot+e93a80c1bb7c5c56e522461c149f8bf55eab1b2b@...kaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
---
 fs/open.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/open.c b/fs/open.c
index 0285ce7dbd51..b2e7b04ade46 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -733,6 +733,12 @@ static int do_dentry_open(struct file *f,
 		return 0;
 	}
 
+	/* The file or a script interpreter has to be a regular file. */
+	if (unlikely(current->in_execve && !S_ISREG(inode->i_mode))) {
+		error = -EACCES;
+		goto cleanup_file;
+	}
+
 	if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
 		error = get_write_access(inode);
 		if (unlikely(error))
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ