From: Benjamin Gordon <bmgordon@google.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org,
John Stultz <john.stultz@linaro.org>,
Kees Cook <keescook@chromium.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Thomas Gleixner <tglx@linutronix.de>,
Arjan van de Ven <arjan@linux.intel.com>,
Oren Laadan <orenl@cellrox.com>,
Ruchi Kandoi <kandoiruchi@google.com>,
Rom Lemarchand <romlem@android.com>, Todd Kjos <tkjos@google.com>,
Colin Cross <ccross@android.com>, Nick Kralevich <nnk@google.com>,
Dmitry Shmidt <dimitrysh@google.com>,
Elliott Hughes <enh@google.com>,
Android Kernel Team <kernel-team@android.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] proc: use ns_capable instead of capable for timerslack_ns
Date: Tue, 30 Oct 2018 10:40:27 -0600 [thread overview]
Message-ID: <20181030164027.GA184838@google.com> (raw)
In-Reply-To: <87in1pn9d0.fsf@xmission.com>
On Thu, Oct 25, 2018 at 01:56:27PM -0500, Eric W. Biederman wrote:
> > Access to timerslack_ns is controlled by a process having CAP_SYS_NICE
> > in its effective capability set, but the current check looks in the root
> > namespace instead of the process' user namespace. Since a process is
> > allowed to do other activities controlled by CAP_SYS_NICE inside a
> > namespace, it should also be able to adjust timerslack_ns.
>
> The goal seems legitimate. However the permission checks look wrong.
>
> In particular the choice of user namespace should be
> "p->cred->user_ns". This will limit this to tasks that have
> CAP_SYS_NICE in the same namespace as the task that is being modified.
>
> Testing file->f_cred->user_ns it is testing whoever opened the file and
> that could be anyone.
Thanks, that seems like the right answer here. I'll send a v2 to fix
it.
Thanks,
Benjamin
prev parent reply other threads:[~2018-10-30 16:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 22:47 [PATCH] proc: use ns_capable instead of capable for timerslack_ns bmgordon
2018-10-25 17:09 ` Benjamin Gordon
2018-10-25 17:20 ` John Stultz
2018-10-25 18:56 ` Eric W. Biederman
2018-10-30 16:40 ` Benjamin Gordon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181030164027.GA184838@google.com \
--to=bmgordon@google.com \
--cc=akpm@linux-foundation.org \
--cc=arjan@linux.intel.com \
--cc=ccross@android.com \
--cc=dimitrysh@google.com \
--cc=ebiederm@xmission.com \
--cc=enh@google.com \
--cc=john.stultz@linaro.org \
--cc=kandoiruchi@google.com \
--cc=keescook@chromium.org \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nnk@google.com \
--cc=orenl@cellrox.com \
--cc=romlem@android.com \
--cc=serge@hallyn.com \
--cc=tglx@linutronix.de \
--cc=tkjos@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.