Re: [PATCH, local root on 2.4, 2.6?] compute_creds race
From: Andy Lutomirski
Date: Sat Apr 10 2004 - 10:43:36 EST
Olaf Dietsche wrote:
Andy Lutomirski <luto@xxxxxxxxxxxxx> writes:
The setuid program is now running with uid=euid=500 but full permitted
capabilities. There are two (or three) ways to effectively get local
root now:
What about this slightly shorter fix?
diff -urN a/fs/exec.c b/fs/exec.c
--- a/fs/exec.c Fri Mar 12 01:19:06 2004
+++ b/fs/exec.c Sat Apr 10 10:54:20 2004
@@ -942,6 +942,9 @@
if(!capable(CAP_SETUID)) {
bprm->e_uid = current->uid;
bprm->e_gid = current->gid;
+ cap_clear (bprm->cap_inheritable);
+ cap_clear (bprm->cap_permitted);
+ cap_clear (bprm->cap_effective);
}
}
}
This makes the bprm_compute_creds hook even less sane than now (i.e. it assumes
that all LSMs will work like the current capability modules). The hook should
allow LSM to change this functionality without reintroducing the race. For
example, it breaks my work on fixing capabilities.
--Andy
Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/