author: Ben Hutchings <ben@decadent.org.uk> 2019-07-23 19:44:27 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2019-07-23 19:44:27 +0100
commit: 52c5c6a27046163299a7595a19a9bedb1d0ba112
tree: f91afa4295f2decb6a33148d3f0b038e13cd488f /queue-3.16
parent: 7898e7f892306a52e0c47b729cd81e447a16b255
Release 3.16.71
Diffstat (limited to 'queue-3.16')
-rw-r--r-- queue-3.16/ptrace-fix-ptracer_cred-handling-for-ptrace_traceme.patch 52
-rw-r--r-- queue-3.16/series 1
2 files changed, 0 insertions, 53 deletions
diff --git a/queue-3.16/ptrace-fix-ptracer_cred-handling-for-ptrace_traceme.patch b/queue-3.16/ptrace-fix-ptracer_cred-handling-for-ptrace_traceme.patch
deleted file mode 100644
index 00aa0c14..00000000
--- a/queue-3.16/ptrace-fix-ptracer_cred-handling-for-ptrace_traceme.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: Jann Horn <jannh@google.com>
-Date: Thu, 4 Jul 2019 17:32:23 +0200
-Subject: ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
-
-commit 6994eefb0053799d2e07cd140df6c2ea106c41ee upstream.
-
-Fix two issues:
-
-When called for PTRACE_TRACEME, ptrace_link() would obtain an RCU
-reference to the parent's objective credentials, then give that pointer
-to get_cred(). However, the object lifetime rules for things like
-struct cred do not permit unconditionally turning an RCU reference into
-a stable reference.
-
-PTRACE_TRACEME records the parent's credentials as if the parent was
-acting as the subject, but that's not the case. If a malicious
-unprivileged child uses PTRACE_TRACEME and the parent is privileged, and
-at a later point, the parent process becomes attacker-controlled
-(because it drops privileges and calls execve()), the attacker ends up
-with control over two processes with a privileged ptrace relationship,
-which can be abused to ptrace a suid binary and obtain root privileges.
-
-Fix both of these by always recording the credentials of the process
-that is requesting the creation of the ptrace relationship:
-current_cred() can't change under us, and current is the proper subject
-for access control.
-
-This change is theoretically userspace-visible, but I am not aware of
-any code that it will actually break.
-
-Fixes: 64b875f7ac8a ("ptrace: Capture the ptracer's creds not PT_PTRACE_CAP")
-Signed-off-by: Jann Horn <jannh@google.com>
-Acked-by: Oleg Nesterov <oleg@redhat.com>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
----
- kernel/ptrace.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
---- a/kernel/ptrace.c
-+++ b/kernel/ptrace.c
-@@ -80,9 +80,7 @@ void __ptrace_link(struct task_struct *c
- */
- static void ptrace_link(struct task_struct *child, struct task_struct *new_parent)
- {
-- rcu_read_lock();
-- __ptrace_link(child, new_parent, __task_cred(new_parent));
-- rcu_read_unlock();
-+ __ptrace_link(child, new_parent, current_cred());
- }
-
- /**
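Review bot: In the embedded kernel/ptrace.c hunk, ptrace_link() still takes new_parent but now records current_cred(), and the comment that closes just above the function is not touched, so the new requirement on the caller is undocumented. The fix described in the message only holds if current is the task requesting the ptrace relationship. Suggest saying in the function comment that ptracer_cred is taken from the calling task and not from new_parent, so a later caller does not invoke ptrace_link() on behalf of another task and record the wrong subject.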
diff --git a/queue-3.16/series b/queue-3.16/series
deleted file mode 100644
index 839be5a3..00000000
--- a/queue-3.16/series
+++ /dev/null
@@ -1 +0,0 @@
-ptrace-fix-ptracer_cred-handling-for-ptrace_traceme.patch
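Review bot: The commit message "Release 3.16.71" gives no reason for dropping the only entry in queue-3.16/series, and the patch file it names is deleted in the same commit. Read on its own, this diff looks like the removal of a fix for a privilege escalation through PTRACE_TRACEME. Suggest stating in the message that the queue is being emptied because its patches are part of the 3.16.71 release, if that is the case, and naming the released patches or their upstream commit ids so the fix can be traced from this repository.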