From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Andrew Morton <akpm@osdl.org>,
	containers@lists.linux-foundation.org,
	kernel list <linux-kernel@vger.kernel.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	dhowells@redhat.com, oleg@mail.hallyn.com,
	dlezcano@mail.hallyn.com,
	LSM <linux-security-module@vger.kernel.org>
Subject: [PATCH 04/10] allow killing tasks in your own or child userns
Date: Thu, 24 Feb 2011 15:02:36 +0000
Message-ID: <20110224150236.GD8262@mail.hallyn.com>
In-Reply-To: <20110224150150.GA8262@mail.hallyn.com>


Changelog:
	Dec  8: Fixed bug in my check_kill_permission pointed out by
	        Eric Biederman.
	Dec 13: Apply Eric's suggestion to pass target task into kill_ok_by_cred()
	        for clarity
	Dec 31: address comment by Eric Biederman:
		don't need cred/tcred in check_kill_permission.
	Jan  1: use const cred struct.
	Jan 11: Per Bastian Blank's advice, clean up kill_ok_by_cred().
	Feb 16: kill_ok_by_cred: fix bad parentheses
	Feb 23: per akpm, let compiler inline kill_ok_by_cred

Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
---
 kernel/signal.c |   30 ++++++++++++++++++++++--------
 1 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/kernel/signal.c b/kernel/signal.c
index 4e3cff1..12702b4 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -636,13 +636,33 @@ static inline bool si_fromuser(const struct siginfo *info)
 }
 
 /*
+ * called with RCU read lock from check_kill_permission()
+ */
+static int kill_ok_by_cred(struct task_struct *t)
+{
+	const struct cred *cred = current_cred();
+	const struct cred *tcred = __task_cred(t);
+
+	if (cred->user->user_ns == tcred->user->user_ns &&
+	    (cred->euid == tcred->suid ||
+	     cred->euid == tcred->uid ||
+	     cred->uid  == tcred->suid ||
+	     cred->uid  == tcred->uid))
+		return 1;
+
+	if (ns_capable(tcred->user->user_ns, CAP_KILL))
+		return 1;
+
+	return 0;
+}
+
+/*
  * Bad permissions for sending the signal
  * - the caller must hold the RCU read lock
  */
 static int check_kill_permission(int sig, struct siginfo *info,
 				 struct task_struct *t)
 {
-	const struct cred *cred, *tcred;
 	struct pid *sid;
 	int error;
 
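Review bot: kill_ok_by_cred() is declared `static int` and returns 1/0, but it is a pure predicate and the caller in check_kill_permission() only negates it; declare it `static bool` and return true/false, matching si_fromuser() directly above. The comment block should also state the rule being enforced: a uid/euid match counts only when both creds share a user namespace, and otherwise the sender needs CAP_KILL in the target's namespace (`ns_capable(tcred->user->user_ns, CAP_KILL)`). The commit message carries only a changelog, so the new semantics are documented nowhere.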
@@ -656,14 +676,8 @@ static int check_kill_permission(int sig, struct siginfo *info,
 	if (error)
 		return error;
 
-	cred = current_cred();
-	tcred = __task_cred(t);
 	if (!same_thread_group(current, t) &&
-	    (cred->euid ^ tcred->suid) &&
-	    (cred->euid ^ tcred->uid) &&
-	    (cred->uid  ^ tcred->suid) &&
-	    (cred->uid  ^ tcred->uid) &&
-	    !capable(CAP_KILL)) {
+	    !kill_ok_by_cred(t)) {
 		switch (sig) {
 		case SIGCONT:
 			sid = task_session(t);
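Review bot: swapping `!capable(CAP_KILL)` for `!kill_ok_by_cred(t)` changes more than the capability check. The removed XOR tests compared uid/euid against the target's uid/suid with no namespace comparison, so a sender with numerically matching ids in a different user namespace passed before and is now refused unless it holds CAP_KILL in the target's namespace. Please say so in the commit message. Also confirm that the `case SIGCONT:` session fallback beginning here is meant to apply across user namespaces, since every cross-namespace sender without the capability now reaches it.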
-- 
1.7.0.4

