| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Dec 2021 14:09:06 -0300
From: Wander Lairson Costa <wander@...hat.com>
To: Alexander Viro <viro@...iv.linux.org.uk>,
Eric Biederman <ebiederm@...ssion.com>,
Kees Cook <keescook@...omium.org>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Juri Lelli <juri.lelli@...hat.com>,
Vincent Guittot <vincent.guittot@...aro.org>,
Dietmar Eggemann <dietmar.eggemann@....com>,
Steven Rostedt <rostedt@...dmis.org>,
Ben Segall <bsegall@...gle.com>, Mel Gorman <mgorman@...e.de>,
Daniel Bristot de Oliveira <bristot@...hat.com>,
Laurent Vivier <laurent@...ier.eu>,
YunQiang Su <ysu@...ecomp.com>, Helge Deller <deller@....de>,
Wander Lairson Costa <wander@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Jens Axboe <axboe@...nel.dk>,
Alexey Gladkov <legion@...nel.org>,
David Hildenbrand <david@...hat.com>,
Rolf Eike Beer <eb@...ix.com>,
linux-fsdevel@...r.kernel.org (open list:FILESYSTEMS (VFS and
infrastructure)), linux-kernel@...r.kernel.org (open list)
Subject: [PATCH RFC v2 2/4] process: add the PF_SUID flag
If the binary file in an execve system call is a suid executable, we add
the PF_SUID flag to the process and all its future new children and
threads.
In a later commit, we will use this information to determine if it is
safe to core dump such a process.
Signed-off-by: Wander Lairson Costa <wander@...hat.com>
---
fs/exec.c | 4 ++++
include/linux/sched.h | 1 +
kernel/fork.c | 2 ++
3 files changed, 7 insertions(+)
diff --git a/fs/exec.c b/fs/exec.c
index ec07b36fdbb4..81d6ab9a4f64 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1309,6 +1309,10 @@ int begin_new_exec(struct linux_binprm * bprm)
me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | PF_KTHREAD |
PF_NOFREEZE | PF_NO_SETAFFINITY);
+
+ if (bprm->suid_bin)
+ me->flags |= PF_SUID;
+
flush_thread();
me->personality &= ~bprm->per_clear;
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 78c351e35fec..8ec2f907fb89 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1683,6 +1683,7 @@ extern struct pid *cad_pid;
#define PF_KTHREAD 0x00200000 /* I am a kernel thread */
#define PF_RANDOMIZE 0x00400000 /* Randomize virtual address space */
#define PF_SWAPWRITE 0x00800000 /* Allowed to write to swap */
+#define PF_SUID 0x01000000 /* The process comes from a suid/sgid binary */
#define PF_NO_SETAFFINITY 0x04000000 /* Userland is not allowed to meddle with cpus_mask */
#define PF_MCE_EARLY 0x08000000 /* Early kill for mce process policy */
#define PF_MEMALLOC_PIN 0x10000000 /* Allocation context constrained to zones which allow long term pinning. */
diff --git a/kernel/fork.c b/kernel/fork.c
index 3244cc56b697..f0375d102b57 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2076,6 +2076,8 @@ static __latent_entropy struct task_struct *copy_process(
delayacct_tsk_init(p); /* Must remain after dup_task_struct() */
p->flags &= ~(PF_SUPERPRIV | PF_WQ_WORKER | PF_IDLE | PF_NO_SETAFFINITY);
p->flags |= PF_FORKNOEXEC;
+ if (current->flags & PF_SUID)
+ p->flags |= PF_SUID;
INIT_LIST_HEAD(&p->children);
INIT_LIST_HEAD(&p->sibling);
rcu_copy_process(p);
--
2.27.0
Powered by blists - more mailing lists