Re: [PATCH] CRED: Fix SUID exec regression

[David Smith]

David Howells wrote:
> The patch:
> 
> 	commit a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d
> 	CRED: Make execve() take advantage of copy-on-write credentials
> 
> moved the place in which the 'safeness' of a SUID/SGID exec was performed to
> before de_thread() was called.  This means that LSM_UNSAFE_SHARE is now
> calculated incorrectly.  This flag is set if any of the usage counts for
> fs_struct, files_struct and sighand_struct are greater than 1 at the time the
> determination is made.  All of which are true for threads created by the
> pthread library.
> 
> However, since we wish to make the security calculation before irrevocably
> damaging the process so that we can return it an error code in the case where
> we decide we want to reject the exec request on this basis, we have to make the
> determination before calling de_thread().
> 
> So, instead, we count up the number of threads (CLONE_THREAD) that are sharing
> our fs_struct (CLONE_FS), files_struct (CLONE_FILES) and sighand_structs
> (CLONE_SIGHAND/CLONE_THREAD) with us.  These will be killed by de_thread() and
> so can be discounted by check_unsafe_exec().

...

> Reported-by: David Smith <dsmith@xxxxxxxxxx>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>

I've tested this patch (applied on top of v2.6.29-rc3-634-g9be260a) and
it applies correctly and fixes the problem.  David, thanks for fixing this.

Acked-by: David Smith <dsmith@xxxxxxxxxx>

-- 
David Smith
dsmith@xxxxxxxxxx
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/