mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-06-24 23:52:40 +00:00
exec: Ensure mm->user_ns contains the execed files
When the user namespace support was merged the need to prevent
ptrace from revealing the contents of an unreadable executable
was overlooked.
Correct this oversight by ensuring that the executed file
or files are in mm->user_ns, by adjusting mm->user_ns.
Use the new function privileged_wrt_inode_uidgid to see if
the executable is a member of the user namespace, and as such
if having CAP_SYS_PTRACE in the user namespace should allow
tracing the executable. If not update mm->user_ns to
the parent user namespace until an appropriate parent is found.
Cc: stable@vger.kernel.org
Reported-by: Jann Horn <jann@thejh.net>
Fixes: 9e4a36ece6 ("userns: Fail exec for suid and sgid binaries with ids outside our user namespace.")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman
parent
84d77d3f06
commit
f84df2a6f2
3 changed files with 32 additions and 4 deletions
19
fs/exec.c
19
fs/exec.c
|
|
@ -1275,8 +1275,22 @@ EXPORT_SYMBOL(flush_old_exec);
|
|||
|
||||
void would_dump(struct linux_binprm *bprm, struct file *file)
|
||||
{
|
||||
if (inode_permission(file_inode(file), MAY_READ) < 0)
|
||||
struct inode *inode = file_inode(file);
|
||||
if (inode_permission(inode, MAY_READ) < 0) {
|
||||
struct user_namespace *old, *user_ns;
|
||||
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
|
||||
|
||||
/* Ensure mm->user_ns contains the executable */
|
||||
user_ns = old = bprm->mm->user_ns;
|
||||
while ((user_ns != &init_user_ns) &&
|
||||
!privileged_wrt_inode_uidgid(user_ns, inode))
|
||||
user_ns = user_ns->parent;
|
||||
|
||||
if (old != user_ns) {
|
||||
bprm->mm->user_ns = get_user_ns(user_ns);
|
||||
put_user_ns(old);
|
||||
}
|
||||
}
|
||||
}
|
||||
EXPORT_SYMBOL(would_dump);
|
||||
|
||||
|
|
@ -1306,7 +1320,6 @@ void setup_new_exec(struct linux_binprm * bprm)
|
|||
!gid_eq(bprm->cred->gid, current_egid())) {
|
||||
current->pdeath_signal = 0;
|
||||
} else {
|
||||
would_dump(bprm, bprm->file);
|
||||
if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
|
||||
set_dumpable(current->mm, suid_dumpable);
|
||||
}
|
||||
|
|
@ -1741,6 +1754,8 @@ static int do_execveat_common(int fd, struct filename *filename,
|
|||
if (retval < 0)
|
||||
goto out;
|
||||
|
||||
would_dump(bprm, bprm->file);
|
||||
|
||||
retval = exec_binprm(bprm);
|
||||
if (retval < 0)
|
||||
goto out;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue