lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210831100326.2298176-1-christian.brauner@ubuntu.com>
Date:   Tue, 31 Aug 2021 12:03:26 +0200
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org
Subject: [GIT PULL] sys fixes

Hi Linus,

/* Summary */
This contains a single fix to set_user() which aligns permission checks with
the corresponding fork() codepath. Noone involved in this could come up with a
reason for the difference. A capable caller can already circumvent the check
when they fork where the permission checks are already for the relevant
capabilities in addition to also allowing to exceed nproc when it is the init
user. Apply the same logic to set_user().

(In case any question come up I'll be on vacation next week so responding might
 take a while.)

/* Testing */
All patches are based on v5.14-rc5 and have been sitting in linux-next. No
build failures or warnings were observed. All old and new tests are passing.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

The following changes since commit 36a21d51725af2ce0700c6ebcb6b9594aac658a6:

  Linux 5.14-rc5 (2021-08-08 13:49:31 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/kernel.sys.v5.15

for you to fetch changes up to 2863643fb8b92291a7e97ba46e342f1163595fa8:

  set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds (2021-08-12 14:54:25 +0200)

Please consider pulling these changes from the signed kernel.sys.v5.15 tag.

Thanks!
Christian

----------------------------------------------------------------
kernel.sys.v5.15

----------------------------------------------------------------
Ran Xiaokai (1):
      set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds

 kernel/sys.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ