Re: [PATCH, local root on 2.4, 2.6?] compute_creds race

From: Andy Lutomirski
Date: Sat Apr 10 2004 - 10:43:36 EST

Next message: Daniel Ritz: "Re: 2.6.5 yenta_socket irq 10: nobody cared!"
Previous message: Kronos: "Re: [PATCH] New ID for ftdi_sio"
In reply to: Olaf Dietsche: "Re: [PATCH, local root on 2.4, 2.6?] compute_creds race"
Next in thread: Olaf Dietsche: "Re: [PATCH, local root on 2.4, 2.6?] compute_creds race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Olaf Dietsche wrote:

Andy Lutomirski <luto@xxxxxxxxxxxxx> writes:

The setuid program is now running with uid=euid=500 but full permitted
capabilities. There are two (or three) ways to effectively get local
root now:

What about this slightly shorter fix?

diff -urN a/fs/exec.c b/fs/exec.c
--- a/fs/exec.c Fri Mar 12 01:19:06 2004
+++ b/fs/exec.c Sat Apr 10 10:54:20 2004
@@ -942,6 +942,9 @@
if(!capable(CAP_SETUID)) {
bprm->e_uid = current->uid;
bprm->e_gid = current->gid;
+ cap_clear (bprm->cap_inheritable);
+ cap_clear (bprm->cap_permitted);
+ cap_clear (bprm->cap_effective);
}
}
}

This makes the bprm_compute_creds hook even less sane than now (i.e. it assumes that all LSMs will work like the current capability modules). The hook should allow LSM to change this functionality without reintroducing the race. For example, it breaks my work on fixing capabilities.

--Andy

Regards, Olaf.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Ritz: "Re: 2.6.5 yenta_socket irq 10: nobody cared!"
Previous message: Kronos: "Re: [PATCH] New ID for ftdi_sio"
In reply to: Olaf Dietsche: "Re: [PATCH, local root on 2.4, 2.6?] compute_creds race"
Next in thread: Olaf Dietsche: "Re: [PATCH, local root on 2.4, 2.6?] compute_creds race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]