github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
701ec6e5ce
linux/include
History
Eric W. Biederman b35f34f669 exec: Ensure mm->user_ns contains the execed files 
commit f84df2a6f2 upstream.

When the user namespace support was merged the need to prevent
ptrace from revealing the contents of an unreadable executable
was overlooked.

Correct this oversight by ensuring that the executed file
or files are in mm->user_ns, by adjusting mm->user_ns.

Use the new function privileged_wrt_inode_uidgid to see if
the executable is a member of the user namespace, and as such
if having CAP_SYS_PTRACE in the user namespace should allow
tracing the executable.  If not update mm->user_ns to
the parent user namespace until an appropriate parent is found.

Reported-by: Jann Horn <jann@thejh.net>
Fixes: 9e4a36ece6 ("userns: Fail exec for suid and sgid binaries with ids outside our user namespace.")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-01-06 11:16:14 +01:00
..
acpi
asm-generic asm-generic: make copy_from_user() zero the destination properly 2016-09-24 10:07:45 +02:00
clocksource
crypto crypto: ghash-generic - move common definitions to a new header file 2016-10-22 12:26:56 +02:00
drm drm/prime: Pass the right module owner through to dma_buf_export() 2016-10-31 04:13:57 -06:00
dt-bindings ARM: DT updates for v4.4 2015-11-10 15:06:26 -08:00
keys
kvm KVM: arm/arm64: arch_timer: Preserve physical dist. active state on LR.active 2015-11-24 18:07:40 +01:00
linux exec: Ensure mm->user_ns contains the execed files 2017-01-06 11:16:14 +01:00
math-emu
media videobuf2-core: Check user space planes array in dqbuf 2016-05-04 14:48:50 -07:00
memory
misc
net tcp: take care of truncations done by sk_filter() 2016-11-21 10:06:40 +01:00
pcmcia
ras
rdma IB/security: Restrict use of the write() interface 2016-05-04 14:48:48 -07:00
rxrpc
scsi scsi: Add intermediate STARGET_REMOVE state to scsi_target_state 2016-06-01 12:15:54 -07:00
soc ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
sound ALSA: rawmidi: Make snd_rawmidi_transmit() race-free 2016-02-17 12:30:58 -08:00
target target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE 2016-10-28 03:01:36 -04:00
trace SUNRPC: Don't allocate a full sockaddr_storage for tracing 2016-08-20 18:09:26 +02:00
uapi can: raw: raw_setsockopt: limit number of can_filter that can be set 2016-12-15 08:49:22 -08:00
video drm/imx: Match imx-ipuv3-crtc components using device node in platform data 2016-06-07 18:14:37 -07:00
xen xen: Fix page <-> pfn conversion on 32 bit systems 2016-05-11 11:21:14 +02:00
Kbuild