| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1v995q4l1.fsf@fess.ebiederm.org>
Date: Thu, 01 Apr 2021 12:47:54 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Kees Cook <keescook@...omium.org>
Cc: Josh Hunt <johunt@...mai.com>, Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files
Kees Cook <keescook@...omium.org> writes:
> On Wed, Mar 31, 2021 at 11:36:28PM -0500, Eric W. Biederman wrote:
>> Josh Hunt <johunt@...mai.com> writes:
>>
>> > Currently only root can write files under /proc/pressure. Relax this to
>> > allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be
>> > able to write to these files.
>>
>> The test for CAP_SYS_RESOURCE really needs to be in open rather
>> than in write.
>>
>> Otherwise a suid root executable could have stdout redirected
>> into these files.
>
> Right. Or check against f_cred. (See uses of kallsyms_show_value())
> https://www.kernel.org/doc/html/latest/security/credentials.html#open-file-credentials
We really want to limit checking against f_cred to those cases where we
break userspace by checking in open. AKA the cases where we made the
mistake of putting the permission check in the wrong place and now can't
fix it.
Since this change is change the permissions that open uses already I
don't see any reason we can't perform a proper check in open.
Eric
Powered by blists - more mailing lists