Message-ID: <202505201533.CEB79A19FF@keescook>
Date: Tue, 20 May 2025 15:35:03 -0700
From: Kees Cook <kees@...nel.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Jann Horn <jannh@...gle.com>, Max Kellermann <max.kellermann@...os.com>,
"Serge E. Hallyn" <serge@...lyn.com>, paul@...l-moore.com,
jmorris@...ei.org, Andy Lutomirski <luto@...nel.org>,
morgan@...nel.org, Christian Brauner <christian@...uner.io>,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] exec: Correct the permission check for unsafe exec
On Tue, May 20, 2025 at 05:13:03PM -0500, Eric W. Biederman wrote:
> Max Kellermann recently experienced a problem[1] when calling exec with
> differing uid and euid's and he triggered the logic that is supposed
> to only handle setuid executables.
Max, can you verify this patch solves your use case?
> [...]
> To minimize behavioural changes the code continues to set secureexec
> when euid != uid or when egid != gid.
> [...]
> @@ -993,7 +987,9 @@ int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
> return -EPERM;
>
> /* Check for privilege-elevated exec. */
> - if (is_setid ||
> + if (id_changed ||
> + !uid_eq(new->euid, old->uid) ||
> + !gid_eq(new->egid, old->gid) ||
> (!__is_real(root_uid, new) &&
> (effective ||
> __cap_grew(permitted, ambient, new))))
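Review bot: the comment "/* Check for privilege-elevated exec. */" above this condition no longer describes it once the two new terms are added, because "!uid_eq(new->euid, old->uid)" and "!gid_eq(new->egid, old->gid)" also fire when the credentials are not changing at all and the caller merely has euid != uid (or egid != gid) before the exec, which is exactly the case the commit message says is kept only to minimize behavioural changes. Suggest either extending the comment to state that secureexec is also set for a pre-existing euid/uid or egid/gid split, or carrying that explanation as a one-line comment next to the two new terms, so a later reader does not mistake them for an elevation check. Also note that "id_changed", which replaces "is_setid" here, is defined in a part of the patch elided above with "[...]", so its semantics cannot be confirmed from the quoted hunk alone.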
Great! Thanks for the secureexec tweak here. Jann, does this look
reasonable to you?
-Kees
--
Kees Cook