Date: Thu, 15 Nov 2018 12:05:49 -0500
From: Sasha Levin
To: Loic
Cc: stable@vger.kernel.org, s.mesoraca16@gmail.com, keescook@chromium.org, solar@openwall.com, viro@zeniv.linux.org.uk, dan.carpenter@oracle.com, akpm@linux-foundation.org, torvalds@linux-foundation.org
Subject: Re: [PATCH] namei: allow restricted O_CREAT of FIFOs and regular files
Message-ID: <20181115170549.GD95254@sasha-vm>
In-Reply-To: <20181023203739.c43434428c1886d87e5e86e1@opensec.fr>

On Tue, Oct 23, 2018 at 08:37:39PM +0200, Loic wrote:
>Hello,
>
>Please pick up this patch for linux 4.9 and 4.14 (linux 4.4 needs a small modification).
>Indeed, this code will be beneficial to the GNU/Linux distributions that use a longterm kernel.
>
>Compiled/tested without problem.
>
>Thanks.
>
>[ Upstream commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 ]
>
>From: Salvatore Mesoraca
>Date: Thu, 23 Aug 2018 17:00:35 -0700
>Subject: namei: allow restricted O_CREAT of FIFOs and regular files
>
>Disallows open of FIFOs or regular files not owned by the user in world
>writable sticky directories, unless the owner is the same as that of the
>directory or the file is opened without the O_CREAT flag. The purpose
>is to make data spoofing attacks harder. This protection can be turned
>on and off separately for FIFOs and regular files via sysctl, just like
>the symlinks/hardlinks protection. This patch is based on Openwall's
>"HARDEN_FIFO" feature by Solar Designer.
>
>This is a brief list of old vulnerabilities that could have been prevented
>by this feature, some of them even allow for privilege escalation:
>
>CVE-2000-1134
>CVE-2007-3852
>CVE-2008-0525
>CVE-2009-0416
>CVE-2011-4834
>CVE-2015-1838
>CVE-2015-7442
>CVE-2016-7489
>
>This list is not meant to be complete. It's difficult to track down all
>vulnerabilities of this kind because they were often reported without any
>mention of this particular attack vector. In fact, before
>hardlinks/symlinks restrictions, fifos/regular files weren't the favorite
>vehicle to exploit them.
>
>[s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter]
> Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda
> Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gmail.com
>[keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future]
>[keescook@chromium.org: adjust commit subject]
>Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast
>Signed-off-by: Salvatore Mesoraca
>Signed-off-by: Kees Cook
>Suggested-by: Solar Designer
>Suggested-by: Kees Cook
>Cc: Al Viro
>Cc: Dan Carpenter
>Signed-off-by: Andrew Morton
>Signed-off-by: Linus Torvalds

Loic, could you please sign off on this one? You did so for the other but not this.

--
Thanks,
Sasha
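A user-space model of the rule the quoted commit message describes (deny O_CREAT opens of a pre-existing FIFO or regular file in a sticky, world-writable directory when neither the opener nor the directory owner owns it), added here as an example; it is not the patch's or the kernel's code. It assumes the upstream sysctl names fs.protected_fifos / fs.protected_regular and their 0/1/2 levels (2 also covers group-writable sticky directories), and constructs its own inode metadata.

```python
import os
import stat
from dataclasses import dataclass

# Constructed user-space model of the policy in the commit message, not the kernel's code.
@dataclass
class Inode:
    mode: int  # st_mode: file type plus permission bits
    uid: int   # owning uid

# Constructed sample metadata: sticky dirs owned by root (uid 0), files planted by uid 1001.
TMP_DIR = Inode(stat.S_IFDIR | 0o1777, 0)     # drwxrwxrwt, like /tmp
GROUP_DIR = Inode(stat.S_IFDIR | 0o1770, 0)   # drwxrwx--T, group-writable only
PLANTED_FIFO = Inode(stat.S_IFIFO | 0o666, 1001)
PLANTED_FILE = Inode(stat.S_IFREG | 0o666, 1001)
ROOT_FILE = Inode(stat.S_IFREG | 0o644, 0)

def may_open_in_sticky(directory, target, opener_uid, flags,
                       protected_fifos=1, protected_regular=1):
    """True if opening the existing target is allowed, False if the protection denies it."""
    if not flags & os.O_CREAT:
        return True                      # no O_CREAT: the restriction does not apply
    if stat.S_ISFIFO(target.mode):
        level = protected_fifos          # assumed: value of fs.protected_fifos
    elif stat.S_ISREG(target.mode):
        level = protected_regular        # assumed: value of fs.protected_regular
    else:
        return True                      # other file types are out of scope
    # level 1 covers world-writable sticky dirs; level 2 (assumed upstream) also group-writable
    writable = stat.S_IWOTH | (stat.S_IWGRP if level >= 2 else 0)
    if level == 0 or not directory.mode & stat.S_ISVTX or not directory.mode & writable:
        return True
    if target.uid == opener_uid or target.uid == directory.uid:
        return True                      # opener or directory owner owns the file
    return False                         # file owned by a third party: possible spoofing

def scenarios(opener_uid=1000):
    """Walk the cases named in the commit message; returns scenario name -> allowed."""
    create = os.O_WRONLY | os.O_CREAT
    return {
        "fifo_other_owner_o_creat": may_open_in_sticky(TMP_DIR, PLANTED_FIFO, opener_uid, create),
        "fifo_other_owner_no_o_creat": may_open_in_sticky(TMP_DIR, PLANTED_FIFO, opener_uid, os.O_WRONLY),
        "file_owned_by_dir_owner": may_open_in_sticky(TMP_DIR, ROOT_FILE, opener_uid, create),
        "file_owned_by_opener": may_open_in_sticky(TMP_DIR, PLANTED_FILE, 1001, create),
        "file_sysctl_off": may_open_in_sticky(TMP_DIR, PLANTED_FILE, opener_uid, create, protected_regular=0),
        "group_dir_level1": may_open_in_sticky(GROUP_DIR, PLANTED_FILE, opener_uid, create),
        "group_dir_level2": may_open_in_sticky(GROUP_DIR, PLANTED_FILE, opener_uid, create, protected_regular=2),
    }
```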