From: Wander Lairson Costa <wander@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Eric Biederman <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>, Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Juri Lelli <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>,
Daniel Bristot de Oliveira <bristot@redhat.com>,
Laurent Vivier <laurent@vivier.eu>,
YunQiang Su <ysu@wavecomp.com>, Helge Deller <deller@gmx.de>,
Wander Lairson Costa <wander@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jens Axboe <axboe@kernel.dk>, Alexey Gladkov <legion@kernel.org>,
David Hildenbrand <david@redhat.com>,
Rolf Eike Beer <eb@emlix.com>,
linux-fsdevel@vger.kernel.org (open list:FILESYSTEMS (VFS and
infrastructure)), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH RFC v2 2/4] process: add the PF_SUID flag
Date: Tue, 28 Dec 2021 14:09:06 -0300 [thread overview]
Message-ID: <20211228170910.623156-3-wander@redhat.com> (raw)
In-Reply-To: <20211228170910.623156-1-wander@redhat.com>
If the binary file in an execve system call is a suid executable, we add
the PF_SUID flag to the process and all its future new children and
threads.
In a later commit, we will use this information to determine if it is
safe to core dump such a process.
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
---
fs/exec.c | 4 ++++
include/linux/sched.h | 1 +
kernel/fork.c | 2 ++
3 files changed, 7 insertions(+)
diff --git a/fs/exec.c b/fs/exec.c
index ec07b36fdbb4..81d6ab9a4f64 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1309,6 +1309,10 @@ int begin_new_exec(struct linux_binprm * bprm)
me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | PF_KTHREAD |
PF_NOFREEZE | PF_NO_SETAFFINITY);
+
+ if (bprm->suid_bin)
+ me->flags |= PF_SUID;
+
flush_thread();
me->personality &= ~bprm->per_clear;
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 78c351e35fec..8ec2f907fb89 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1683,6 +1683,7 @@ extern struct pid *cad_pid;
#define PF_KTHREAD 0x00200000 /* I am a kernel thread */
#define PF_RANDOMIZE 0x00400000 /* Randomize virtual address space */
#define PF_SWAPWRITE 0x00800000 /* Allowed to write to swap */
+#define PF_SUID 0x01000000 /* The process comes from a suid/sgid binary */
#define PF_NO_SETAFFINITY 0x04000000 /* Userland is not allowed to meddle with cpus_mask */
#define PF_MCE_EARLY 0x08000000 /* Early kill for mce process policy */
#define PF_MEMALLOC_PIN 0x10000000 /* Allocation context constrained to zones which allow long term pinning. */
diff --git a/kernel/fork.c b/kernel/fork.c
index 3244cc56b697..f0375d102b57 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2076,6 +2076,8 @@ static __latent_entropy struct task_struct *copy_process(
delayacct_tsk_init(p); /* Must remain after dup_task_struct() */
p->flags &= ~(PF_SUPERPRIV | PF_WQ_WORKER | PF_IDLE | PF_NO_SETAFFINITY);
p->flags |= PF_FORKNOEXEC;
+ if (current->flags & PF_SUID)
+ p->flags |= PF_SUID;
INIT_LIST_HEAD(&p->children);
INIT_LIST_HEAD(&p->sibling);
rcu_copy_process(p);
--
2.27.0
next prev parent reply other threads:[~2021-12-28 17:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-28 17:09 [PATCH RFC v2 0/4] coredump: mitigate privilege escalation of process coredump Wander Lairson Costa
2021-12-28 17:09 ` [PATCH RFC v2 1/4] exec: add a flag indicating if an exec file is a suid/sgid Wander Lairson Costa
2021-12-28 17:09 ` Wander Lairson Costa [this message]
2021-12-28 17:09 ` [PATCH RFC v2 3/4] coredump: mitigate privilege escalation of process coredump Wander Lairson Costa
2021-12-28 17:09 ` [PATCH RFC v2 4/4] exec: only set the suid flag if the current proc isn't root Wander Lairson Costa
2022-01-03 22:11 ` [PATCH RFC v2 0/4] coredump: mitigate privilege escalation of process coredump Eric W. Biederman
2022-01-05 12:30 ` Wander Costa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211228170910.623156-3-wander@redhat.com \
--to=wander@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=bristot@redhat.com \
--cc=bsegall@google.com \
--cc=david@redhat.com \
--cc=deller@gmx.de \
--cc=dietmar.eggemann@arm.com \
--cc=eb@emlix.com \
--cc=ebiederm@xmission.com \
--cc=juri.lelli@redhat.com \
--cc=keescook@chromium.org \
--cc=laurent@vivier.eu \
--cc=legion@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=vincent.guittot@linaro.org \
--cc=viro@zeniv.linux.org.uk \
--cc=ysu@wavecomp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.