Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Adrian Reber <areber@redhat.com>
To: "Christian Brauner" <christian.brauner@ubuntu.com>,
"Eric Biederman" <ebiederm@xmission.com>,
"Pavel Emelyanov" <ovzxemul@gmail.com>,
"Oleg Nesterov" <oleg@redhat.com>,
"Dmitry Safonov" <0x7f454c46@gmail.com>,
"Andrei Vagin" <avagin@gmail.com>,
"Nicolas Viennot" <Nicolas.Viennot@twosigma.com>,
"Michał Cłapiński" <mclapinski@google.com>,
"Kamil Yurtsever" <kyurtsever@google.com>,
"Dirk Petersen" <dipeit@gmail.com>,
"Christine Flood" <chf@redhat.com>,
"Casey Schaufler" <casey@schaufler-ca.com>
Cc: Mike Rapoport <rppt@linux.ibm.com>,
Radostin Stoyanov <rstoyanov1@gmail.com>,
Adrian Reber <areber@redhat.com>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Serge Hallyn <serge@hallyn.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Sargun Dhillon <sargun@sargun.me>, Arnd Bergmann <arnd@arndb.de>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, selinux@vger.kernel.org,
Eric Paris <eparis@parisplace.org>, Jann Horn <jannh@google.com>,
linux-fsdevel@vger.kernel.org
Subject: [PATCH v5 5/6] prctl: Allow checkpoint/restore capable processes to change exe link
Date: Wed, 15 Jul 2020 16:49:53 +0200 [thread overview]
Message-ID: <20200715144954.1387760-6-areber@redhat.com> (raw)
In-Reply-To: <20200715144954.1387760-1-areber@redhat.com>
From: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Allow CAP_CHECKPOINT_RESTORE capable users to change /proc/self/exe.
This commit also changes the permission error code from -EINVAL to
-EPERM for consistency with the rest of the prctl() syscall when
checking capabilities.
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Signed-off-by: Adrian Reber <areber@redhat.com>
---
kernel/sys.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/kernel/sys.c b/kernel/sys.c
index 00a96746e28a..dd59b9142b1d 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2007,12 +2007,14 @@ static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data
if (prctl_map.exe_fd != (u32)-1) {
/*
- * Make sure the caller has the rights to
- * change /proc/pid/exe link: only local sys admin should
- * be allowed to.
+ * Check if the current user is checkpoint/restore capable.
+ * At the time of this writing, it checks for CAP_SYS_ADMIN
+ * or CAP_CHECKPOINT_RESTORE.
+ * Note that a user with access to ptrace can masquerade an
+ * arbitrary program as any executable, even setuid ones.
*/
- if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
- return -EINVAL;
+ if (!checkpoint_restore_ns_capable(current_user_ns()))
+ return -EPERM;
error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd);
if (error)
--
2.26.2
next prev parent reply other threads:[~2020-07-15 14:53 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 14:49 [PATCH v5 0/6] capabilities: Introduce CAP_CHECKPOINT_RESTORE Adrian Reber
2020-07-15 14:49 ` [PATCH v5 1/6] " Adrian Reber
2020-07-15 15:06 ` Christian Brauner
2020-07-15 14:49 ` [PATCH v5 2/6] pid: use checkpoint_restore_ns_capable() for set_tid Adrian Reber
2020-07-15 15:08 ` Christian Brauner
2020-07-15 14:49 ` [PATCH v5 3/6] pid_namespace: use checkpoint_restore_ns_capable() for ns_last_pid Adrian Reber
2020-07-15 15:08 ` Christian Brauner
2020-07-15 14:49 ` [PATCH v5 4/6] proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE Adrian Reber
2020-07-15 21:17 ` Cyrill Gorcunov
2020-07-16 8:51 ` Christian Brauner
2020-07-15 14:49 ` Adrian Reber [this message]
2020-07-15 15:20 ` [PATCH v5 5/6] prctl: Allow checkpoint/restore capable processes to change exe link Christian Brauner
2020-07-15 15:49 ` Nicolas Viennot
2020-07-15 14:49 ` [PATCH v5 6/6] selftests: add clone3() CAP_CHECKPOINT_RESTORE test Adrian Reber
2020-07-15 15:24 ` Christian Brauner
2020-07-18 3:24 ` [PATCH v5 0/6] capabilities: Introduce CAP_CHECKPOINT_RESTORE Serge E. Hallyn
2020-07-18 17:47 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200715144954.1387760-6-areber@redhat.com \
--to=areber@redhat.com \
--cc=0x7f454c46@gmail.com \
--cc=Nicolas.Viennot@twosigma.com \
--cc=arnd@arndb.de \
--cc=avagin@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=chf@redhat.com \
--cc=christian.brauner@ubuntu.com \
--cc=dipeit@gmail.com \
--cc=ebiederm@xmission.com \
--cc=eparis@parisplace.org \
--cc=gorcunov@openvz.org \
--cc=jannh@google.com \
--cc=kyurtsever@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mclapinski@google.com \
--cc=oleg@redhat.com \
--cc=ovzxemul@gmail.com \
--cc=rppt@linux.ibm.com \
--cc=rstoyanov1@gmail.com \
--cc=sargun@sargun.me \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
--subject='Re: [PATCH v5 5/6] prctl: Allow checkpoint/restore capable processes to change exe link' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).