public inbox for stable@vger.kernel.org
From: Sasha Levin <sashal@kernel.org>
To: Loic <hackurx@opensec.fr>
Cc: stable@vger.kernel.org, s.mesoraca16@gmail.com,
	keescook@chromium.org, solar@openwall.com,
	viro@zeniv.linux.org.uk, dan.carpenter@oracle.com,
	akpm@linux-foundation.org, torvalds@linux-foundation.org
Subject: Re: [PATCH] namei: allow restricted O_CREAT of FIFOs and regular files
Date: Thu, 15 Nov 2018 13:26:20 -0500
Message-ID: <20181115182620.GM95254@sasha-vm>
In-Reply-To: <20181115170549.GD95254@sasha-vm>

On Thu, Nov 15, 2018 at 12:05:49PM -0500, Sasha Levin wrote:
>On Tue, Oct 23, 2018 at 08:37:39PM +0200, Loic wrote:
>>Hello,
>>
>>Please pick up this patch for linux 4.9 and 4.14 (linux 4.4 needs a small modification).
>>Indeed, this code will be beneficial to the GNU/Linux distributions that use a longterm kernel.
>>
>>Compiled/tested without problem.
>>
>>Thanks.
>>
>>[ Upstream commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 ]
>>
>>From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
>>Date: Thu, 23 Aug 2018 17:00:35 -0700
>>Subject: namei: allow restricted O_CREAT of FIFOs and regular files
>>
>>Disallows open of FIFOs or regular files not owned by the user in world
>>writable sticky directories, unless the owner is the same as that of the
>>directory or the file is opened without the O_CREAT flag.  The purpose
>>is to make data spoofing attacks harder.  This protection can be turned
>>on and off separately for FIFOs and regular files via sysctl, just like
>>the symlinks/hardlinks protection.  This patch is based on Openwall's
>>"HARDEN_FIFO" feature by Solar Designer.
>>
>>This is a brief list of old vulnerabilities that could have been prevented
>>by this feature, some of them even allow for privilege escalation:
>>
>>CVE-2000-1134
>>CVE-2007-3852
>>CVE-2008-0525
>>CVE-2009-0416
>>CVE-2011-4834
>>CVE-2015-1838
>>CVE-2015-7442
>>CVE-2016-7489
>>
>>This list is not meant to be complete.  It's difficult to track down all
>>vulnerabilities of this kind because they were often reported without any
>>mention of this particular attack vector.  In fact, before
>>hardlinks/symlinks restrictions, fifos/regular files weren't the favorite
>>vehicle to exploit them.
>>
>>[s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter]
>> Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda
>> Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gmail.com
>>[keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future]
>>[keescook@chromium.org: adjust commit subject]
>>Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast
>>Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
>>Signed-off-by: Kees Cook <keescook@chromium.org>
>>Suggested-by: Solar Designer <solar@openwall.com>
>>Suggested-by: Kees Cook <keescook@chromium.org>
>>Cc: Al Viro <viro@zeniv.linux.org.uk>
>>Cc: Dan Carpenter <dan.carpenter@oracle.com>
>>Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
>>Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
>
>Loic, could you please sign off on this one? You did so for the other
>but not this.

Actually, you only Cc'ed yourself on the other one, you'd need to sign
off on both of them. It's fine doing it as a reply for each commit, no
need to respin the patch.

--
Thanks,
Sasha
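
The open rule described in the quoted commit message above, as an added userspace model in C (not the kernel patch and not code from this thread). `struct open_req`, `sticky_open_denied` and the `fifos_on`/`regular_on` parameters are hypothetical names, the latter standing in for the two separate sysctl toggles; the uids and modes in `main` are constructed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Userspace model of the rule in the commit message; not kernel code. */
struct open_req {
    int    flags;     /* open(2) flags passed by the caller */
    uid_t  fsuid;     /* caller's filesystem uid */
    mode_t dir_mode;  /* mode of the parent directory */
    uid_t  dir_uid;   /* owner of the parent directory */
    mode_t file_mode; /* mode of the already existing file */
    uid_t  file_uid;  /* owner of the already existing file */
};

/* fifos_on / regular_on model the two sysctl toggles (assumed on/off only). */
bool sticky_open_denied(const struct open_req *r, bool fifos_on, bool regular_on)
{
    if (!(r->flags & O_CREAT))
        return false;                 /* opened without O_CREAT */
    if (S_ISFIFO(r->file_mode) ? !fifos_on
        : S_ISREG(r->file_mode) ? !regular_on : true)
        return false;                 /* type not covered, or toggle off */
    if (!(r->dir_mode & S_ISVTX) || !(r->dir_mode & S_IWOTH))
        return false;                 /* not a world-writable sticky dir */
    if (r->file_uid == r->fsuid)
        return false;                 /* caller owns the file */
    if (r->file_uid == r->dir_uid)
        return false;                 /* file owner is the directory owner */
    return true;                      /* file pre-planted by another user */
}

int main(void)
{
    /* Constructed case: uid 1000 opens, with O_CREAT, a FIFO that uid 1001
     * placed in a root-owned mode-1777 directory. */
    struct open_req r = { O_WRONLY | O_CREAT, 1000,
                          S_IFDIR | S_ISVTX | 0777, 0, S_IFIFO | 0600, 1001 };
    printf("pre-planted FIFO, O_CREAT: %s\n",
           sticky_open_denied(&r, true, true) ? "denied" : "allowed");
    r.flags = O_WRONLY;
    printf("same FIFO, no O_CREAT:     %s\n",
           sticky_open_denied(&r, true, true) ? "denied" : "allowed");
    return 0;
}
```
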
