[patch 4/4] MAP_NOZERO v2 - avoid ptrace/setuid+exec races

It can happen that a root application doing:

     setuid(newuid);
                         <- ptrace_attach();
     exec(...);
     exit(1);

is raced by an application running under "newuid" and is ptrace-attached
and its memory is peek/poke.
The patch add a new "exec uid" that is set only after the complete detach
from the old process context is done. The ptrace's may_attach() function
is also changed to check that the attacher xuid matches the attached xuid.



Signed-off-by: Davide Libenzi <[email protected]>


- Davide


---
 fs/exec.c             |    2 ++
 include/linux/sched.h |    2 +-
 kernel/ptrace.c       |    1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

Index: linux-2.6.mod/fs/exec.c
===================================================================
--- linux-2.6.mod.orig/fs/exec.c	2007-06-28 11:45:06.000000000 -0700
+++ linux-2.6.mod/fs/exec.c	2007-06-28 11:45:20.000000000 -0700
@@ -905,6 +905,8 @@
 	flush_signal_handlers(current, 0);
 	flush_old_files(current->files);
 
+	current->xuid = current->uid;
+
 	return 0;
 
 mmap_failed:
Index: linux-2.6.mod/include/linux/sched.h
===================================================================
--- linux-2.6.mod.orig/include/linux/sched.h	2007-06-28 11:45:20.000000000 -0700
+++ linux-2.6.mod/include/linux/sched.h	2007-06-28 11:45:20.000000000 -0700
@@ -917,7 +917,7 @@
 	struct list_head cpu_timers[3];
 
 /* process credentials */
-	uid_t uid,euid,suid,fsuid;
+	uid_t uid,euid,suid,fsuid,xuid;
 	gid_t gid,egid,sgid,fsgid;
 	struct group_info *group_info;
 	kernel_cap_t   cap_effective, cap_inheritable, cap_permitted;
Index: linux-2.6.mod/kernel/ptrace.c
===================================================================
--- linux-2.6.mod.orig/kernel/ptrace.c	2007-06-28 11:45:06.000000000 -0700
+++ linux-2.6.mod/kernel/ptrace.c	2007-06-28 11:45:20.000000000 -0700
@@ -135,6 +135,7 @@
 		return 0;
 	if (((current->uid != task->euid) ||
 	     (current->uid != task->suid) ||
+	     (current->xuid != task->xuid) ||
 	     (current->uid != task->uid) ||
 	     (current->gid != task->egid) ||
 	     (current->gid != task->sgid) ||

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: [patch 3/4] MAP_NOZERO v2 - wire sys_brk2() to the x86 family
• Next by Date: Re: [PATCH 1/7] ICH Force HPET: Make generic time capable of switching broadcast timer
• Previous by thread: [patch 3/4] MAP_NOZERO v2 - wire sys_brk2() to the x86 family
• Next by thread: Moving MD/LVM from PPC to x86
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]