linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Djalal Harouni <tixxdz@opendz.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
	Andy Lutomirski <luto@amacapital.net>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	"Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	David Rientjes <rientjes@google.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linux FS Devel <linux-fsdevel@vger.kernel.org>,
	"kernel-hardening@lists.openwall.com"
	<kernel-hardening@lists.openwall.com>,
	Djalal Harouni <tixxdz@gmail.com>
Subject: Re: [PATCH v2 0/9] procfs: protect /proc/<pid>/* files with file->f_cred
Date: Fri, 4 Oct 2013 10:05:38 +0100	[thread overview]
Message-ID: <20131004090538.GB2157@dztty> (raw)
In-Reply-To: <20131003061244.GC25345@gmail.com>

On Thu, Oct 03, 2013 at 08:12:44AM +0200, Ingo Molnar wrote:
> So please first get consensus on this fundamental design question before 
> spreading your solution to more areas.
Check file_ns_capable() added in commit 935d8aabd4331 by Linus
Add file_ns_capable() helper function for open-time capability checking

commit 6708075f104c3c9b0 by Eric,
userns: Don't let unprivileged users trick privileged users into setting
the id_map

So they add file_ns_capable() to inspect file->f_cred during ->write()

The difference between the function I've added proc_allow_access() and
file_ns_capable() is that proc_allow_access() will check if it's
absolutely the same user, otherwise fallback to security_capable() which
is the heart of file_ns_capable()

So it's already been done and proposed! this is an easy solution to
detect if current's cred have changed.


> Thanks,
> 
> 	Ingo

-- 
Djalal Harouni
http://opendz.org

  parent reply	other threads:[~2013-10-04  9:05 UTC|newest]

Thread overview: 68+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-01 20:26 [PATCH v2 0/9] procfs: protect /proc/<pid>/* files with file->f_cred Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 1/9] procfs: add proc_same_open_cred() to check if the cred have changed Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 2/9] procfs: add proc_allow_access() to check if file's opener may access task Djalal Harouni
2013-10-02  1:36   ` Andy Lutomirski
2013-10-02 14:55     ` Djalal Harouni
2013-10-02 16:44       ` Andy Lutomirski
2013-10-03 14:36         ` Djalal Harouni
2013-10-03 15:12           ` Andy Lutomirski
2013-10-03 19:29             ` Djalal Harouni
2013-10-03 19:37               ` Andy Lutomirski
2013-10-03 20:13                 ` Djalal Harouni
2013-10-03 21:09                   ` Andy Lutomirski
2013-10-04  8:59                     ` Djalal Harouni
2013-10-04 15:40                       ` Andy Lutomirski
2013-10-04 18:23                         ` Djalal Harouni
2013-10-04 18:34                           ` Andy Lutomirski
2013-10-04 19:11                             ` Djalal Harouni
2013-10-04 19:16                               ` Andy Lutomirski
2013-10-04 19:27                                 ` Djalal Harouni
2013-10-04 19:32                                   ` Andy Lutomirski
2013-10-04 19:41                                     ` Djalal Harouni
2013-10-04 22:17                                       ` Andy Lutomirski
2013-10-04 22:55                                         ` Eric W. Biederman
2013-10-04 22:59                                           ` Andy Lutomirski
2013-10-04 23:08                                             ` Andy Lutomirski
2013-10-05  0:35                                             ` Eric W. Biederman
2013-10-09 10:35                                               ` Djalal Harouni
2013-10-05 13:23                                         ` Djalal Harouni
2013-10-07 21:41                                           ` Andy Lutomirski
2013-10-09 10:54                                             ` Djalal Harouni
2013-10-09 11:15                                               ` Djalal Harouni
2013-10-09 17:27                                               ` Andy Lutomirski
2013-10-13 10:18                                                 ` Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 3/9] procfs: Document the proposed solution to protect procfs entries Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 4/9] procfs: make /proc/*/{stack,syscall} 0400 Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 5/9] procfs: make /proc entries that use seq files able to access file->f_cred Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 6/9] procfs: add permission checks on the file's opener of /proc/*/stat Djalal Harouni
2013-10-02  1:39   ` Andy Lutomirski
2013-10-02 15:14     ` Djalal Harouni
2013-10-02 16:46       ` Andy Lutomirski
2013-10-02 19:00         ` Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 7/9] procfs: add permission checks on the file's opener of /proc/*/personality Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 8/9] procfs: improve permission checks on /proc/*/stack Djalal Harouni
2013-10-01 20:26 ` [PATCH v2 9/9] procfs: improve permission checks on /proc/*/syscall Djalal Harouni
2013-10-02  1:40 ` [PATCH v2 0/9] procfs: protect /proc/<pid>/* files with file->f_cred Andy Lutomirski
2013-10-02 14:37   ` Djalal Harouni
2013-10-02 16:51     ` Andy Lutomirski
2013-10-02 17:48       ` Kees Cook
2013-10-02 18:00         ` Andy Lutomirski
2013-10-02 18:07           ` Kees Cook
2013-10-03 23:14             ` Julien Tinnes
2013-10-02 18:26           ` Djalal Harouni
2013-10-02 18:41             ` Djalal Harouni
2013-10-02 18:22         ` Djalal Harouni
2013-10-02 18:35           ` Kees Cook
2013-10-02 18:48             ` Djalal Harouni
2013-10-02 19:43               ` Kees Cook
2013-10-03  6:12               ` Ingo Molnar
2013-10-03 12:29                 ` Djalal Harouni
2013-10-03 15:15                   ` Andy Lutomirski
2013-10-03 15:40                     ` Djalal Harouni
2013-10-03 15:50                       ` Andy Lutomirski
2013-10-03 18:37                         ` Djalal Harouni
2013-10-04  9:05                 ` Djalal Harouni [this message]
2013-10-02 18:12       ` Djalal Harouni
2013-10-03  6:22         ` Ingo Molnar
2013-10-03 12:56           ` Djalal Harouni
2013-10-03 13:39             ` Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131004090538.GB2157@dztty \
    --to=tixxdz@opendz.org \
    --cc=akpm@linux-foundation.org \
    --cc=ebiederm@xmission.com \
    --cc=gorcunov@openvz.org \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mingo@kernel.org \
    --cc=rientjes@google.com \
    --cc=serge.hallyn@ubuntu.com \
    --cc=tixxdz@gmail.com \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).