From: Sasha Levin <sashal@kernel.org>
To: Loic <hackurx@opensec.fr>
Cc: stable@vger.kernel.org, s.mesoraca16@gmail.com,
keescook@chromium.org, solar@openwall.com,
viro@zeniv.linux.org.uk, dan.carpenter@oracle.com,
akpm@linux-foundation.org, torvalds@linux-foundation.org
Subject: Re: [PATCH] namei: allow restricted O_CREAT of FIFOs and regular files
Date: Thu, 15 Nov 2018 12:05:49 -0500
Message-ID: <20181115170549.GD95254@sasha-vm>
In-Reply-To: <20181023203739.c43434428c1886d87e5e86e1@opensec.fr>

On Tue, Oct 23, 2018 at 08:37:39PM +0200, Loic wrote:
>Hello,
>
>Please pick up this patch for linux 4.9 and 4.14 (linux 4.4 needs a small modification).
>Indeed, this code will be beneficial to the GNU/Linux distributions that use a longterm kernel.
>
>Compiled/tested without problem.
>
>Thanks.
>
>[ Upstream commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 ]
>
>From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
>Date: Thu, 23 Aug 2018 17:00:35 -0700
>Subject: namei: allow restricted O_CREAT of FIFOs and regular files
>
>Disallows open of FIFOs or regular files not owned by the user in world
>writable sticky directories, unless the owner is the same as that of the
>directory or the file is opened without the O_CREAT flag. The purpose
>is to make data spoofing attacks harder. This protection can be turned
>on and off separately for FIFOs and regular files via sysctl, just like
>the symlinks/hardlinks protection. This patch is based on Openwall's
>"HARDEN_FIFO" feature by Solar Designer.
>
>This is a brief list of old vulnerabilities that could have been prevented
>by this feature, some of them even allow for privilege escalation:
>
>CVE-2000-1134
>CVE-2007-3852
>CVE-2008-0525
>CVE-2009-0416
>CVE-2011-4834
>CVE-2015-1838
>CVE-2015-7442
>CVE-2016-7489
>
>This list is not meant to be complete. It's difficult to track down all
>vulnerabilities of this kind because they were often reported without any
>mention of this particular attack vector. In fact, before
>hardlinks/symlinks restrictions, fifos/regular files weren't the favorite
>vehicle to exploit them.
>
>[s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter]
> Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda
> Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gmail.com
>[keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future]
>[keescook@chromium.org: adjust commit subject]
>Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast
>Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
>Signed-off-by: Kees Cook <keescook@chromium.org>
>Suggested-by: Solar Designer <solar@openwall.com>
>Suggested-by: Kees Cook <keescook@chromium.org>
>Cc: Al Viro <viro@zeniv.linux.org.uk>
>Cc: Dan Carpenter <dan.carpenter@oracle.com>
>Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
>Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Loic, could you please sign off on this one? You did so for the other
but not this.
--
Thanks,
Sasha
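
The open-time rule described in the quoted commit message, written as a small userspace C model (an added example, not the kernel patch and not code from anyone on this thread). The function and parameter names are assumptions of this example, the two booleans stand in for the sysctl switches the commit mentions, and the opener is identified by real uid.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <libgen.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Userspace model of the rule in the quoted commit message; not kernel code.
 * fifos_on / regular_on stand for the two sysctl switches it mentions. */
bool sticky_creat_denied(mode_t dir_mode, uid_t dir_uid, mode_t file_mode,
                         uid_t file_uid, uid_t opener, int flags,
                         bool fifos_on, bool regular_on)
{
    if (!(flags & O_CREAT))
        return false;                 /* opens without O_CREAT are unaffected */
    if (S_ISFIFO(file_mode) ? !fifos_on
        : S_ISREG(file_mode) ? !regular_on : true)
        return false;                 /* other file type, or switch is off */
    if (!(dir_mode & S_ISVTX) || !(dir_mode & S_IWOTH))
        return false;                 /* not a world-writable sticky directory */
    if (file_uid == opener || file_uid == dir_uid)
        return false;                 /* opener's own file, or the dir owner's */
    return true;                      /* existing file planted by someone else */
}

/* Apply the model to an existing path; -1 on error, else 0 (allowed) or 1.
 * Symlinks are not followed: lstat() reports them as "other type". */
int check_path(const char *path, uid_t opener, int flags)
{
    char dir[4096];
    struct stat f, d;

    if (strlen(path) >= sizeof dir || lstat(path, &f) != 0)
        return -1;
    strcpy(dir, path);
    if (stat(dirname(dir), &d) != 0)
        return -1;
    return sticky_creat_denied(d.st_mode, d.st_uid, f.st_mode, f.st_uid,
                               opener, flags, true, true);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i],
               check_path(argv[i], getuid(), O_WRONLY | O_CREAT));
    return 0;
}
```

Run against existing files under a shared directory such as /tmp, a result of 1 marks a file whose O_CREAT open the rule would refuse for the calling user.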