| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210609064008.liz2gvpjtyqwx6qr@wittgenstein>
Date: Wed, 9 Jun 2021 08:40:08 +0200
From: Christian Brauner <christian.brauner@...ntu.com>
To: Kees Cook <keescook@...omium.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Andrea Righi <andrea.righi@...onical.com>,
stable@...r.kernel.org, linux-kernel@...r.kernel.org,
regressions@...ts.linux.dev
Subject: Re: [PATCH] proc: Track /proc/$pid/attr/ opener mm_struct
On Tue, Jun 08, 2021 at 10:12:21AM -0700, Kees Cook wrote:
> Commit bfb819ea20ce ("proc: Check /proc/$pid/attr/ writes against file opener")
> tried to make sure that there could not be a confusion between the opener of
> a /proc/$pid/attr/ file and the writer. It used struct cred to make sure
> the privileges didn't change. However, there were existing cases where a more
> privileged thread was passing the opened fd to a differently privileged thread
> (during container setup). Instead, use mm_struct to track whether the opener
> and writer are still the same process. (This is what several other proc files
> already do, though for different reasons.)
>
> Reported-by: Christian Brauner <christian.brauner@...ntu.com>
> Reported-by: Andrea Righi <andrea.righi@...onical.com>
> Tested-by: Andrea Righi <andrea.righi@...onical.com>
> Fixes: bfb819ea20ce ("proc: Check /proc/$pid/attr/ writes against file opener")
> Cc: stable@...r.kernel.org
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
Thanks!
Acked-by: Christian Brauner <christian.brauner@...ntu.com>
Powered by blists - more mailing lists