github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
ef9744a021
linux/security
History
Jann Horn ef9744a021 Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set 
commit 3675f052b4 upstream.

There is a logic bug in the current smack_bprm_set_creds():
If LSM_UNSAFE_PTRACE is set, but the ptrace state is deemed to be
acceptable (e.g. because the ptracer detached in the meantime), the other
->unsafe flags aren't checked. As far as I can tell, this means that
something like the following could work (but I haven't tested it):

 - task A: create task B with fork()
 - task B: set NO_NEW_PRIVS
 - task B: install a seccomp filter that makes open() return 0 under some
   conditions
 - task B: replace fd 0 with a malicious library
 - task A: attach to task B with PTRACE_ATTACH
 - task B: execve() a file with an SMACK64EXEC extended attribute
 - task A: while task B is still in the middle of execve(), exit (which
   destroys the ptrace relationship)

Make sure that if any flags other than LSM_UNSAFE_PTRACE are set in
bprm->unsafe, we reject the execve().

Cc: stable@vger.kernel.org
Fixes: 5663884caa ("Smack: unify all ptrace accesses in the smack")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-10-07 18:57:27 +02:00
..
apparmor apparmor: reset pos on failure to unpack for various functions 2019-09-16 08:22:16 +02:00
integrity evm: check hash algorithm passed to init_desc() 2019-06-09 09:17:21 +02:00
keys keys: Fix missing null pointer check in request_key_auth_describe() 2019-09-21 07:17:13 +02:00
loadpin module: replace the existing LSM hook in init_module 2018-07-16 12:31:57 -07:00
selinux selinux: fix memory leak in policydb_init() 2019-08-06 19:06:54 +02:00
smack Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set 2019-10-07 18:57:27 +02:00
tomoyo Kbuild updates for v4.19 2018-08-15 12:09:03 -07:00
yama Yama: Check for pid death before checking ancestry 2019-01-22 21:40:32 +01:00
commoncap.c cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() 2018-08-11 02:05:53 -05:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
Kconfig Revert "x86/mm/legacy: Populate the user page-table with user pgd's" 2018-09-14 17:08:45 +02:00
lsm_audit.c missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c LSM: Check for NULL cred-security on free 2019-01-22 21:40:35 +01:00