Re: [PATCH v2 0/2] setgid hardening

From: Andy Lutomirski
Date: Mon Jan 30 2017 - 22:56:37 EST


On Mon, Jan 30, 2017 at 7:49 PM, Michael Kerrisk <mtk.manpages@xxxxxxxxx> wrote:
> [CC += linux-api@]
>
> Andy, this is an API change!

Indeed. I should be ashamed of myself!

>
> On Sat, Jan 28, 2017 at 3:49 PM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>> The kernel has some dangerous behavior involving the creation and
>> modification of setgid executables. These issues aren't kernel
>> security bugs per se, but they have been used to turn various
>> filesystem permission oddities into reliably privilege escalation
>> exploits.
>>
>> See http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/
>> for a nice writeup.
>>
>> Let's fix them for real.
>>
>> Changes from v1:
>> - Fix uninitialized variable issue (Willy, Ben)
>> - Also check current creds in should_remove_suid() (Ben)
>>
>> Andy Lutomirski (2):
>> fs: Check f_cred as well as of current's creds in should_remove_suid()
>> fs: Harden against open(..., O_CREAT, 02777) in a setgid directory
>>
>> fs/inode.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++--------
>> fs/internal.h | 2 +-
>> fs/ocfs2/file.c | 4 ++--
>> fs/open.c | 2 +-
>> include/linux/fs.h | 2 +-
>> 5 files changed, 57 insertions(+), 14 deletions(-)
>>
>> --
>> 2.9.3
>>
>> --
>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>> the body to majordomo@xxxxxxxxxx For more info on Linux MM,
>> see: http://www.linux-mm.org/ .
>> Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
>
>
>
> --
> Michael Kerrisk Linux man-pages maintainer;
> http://www.kernel.org/doc/man-pages/
> Author of "The Linux Programming Interface", http://blog.man7.org/



--
Andy Lutomirski
AMA Capital Management, LLC