diff options
| author | Andrew Morton <akpm@osdl.org> | 2004-04-26 08:55:51 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2004-04-26 08:55:51 -0700 |
| commit | 10c189cdc6b127955068fcfb812d021b5ed32be6 (patch) | |
| tree | fa62ae052c2ccd3861534987bd23b18944431db2 /include/linux/loop.h | |
| parent | f6cfe4f8ce4b5bc13a0ade4daf267fdf5b0e61c9 (diff) | |
[PATCH] credentials locking fix
From: Chris Wright <chrisw@osdl.org>
Contributions from:
Stephen Smalley <sds@epoch.ncsc.mil>
Andy Lutomirski <luto@stanford.edu>
During exec the LSM bprm_apply_creds() hooks may tranisition the program to a
new security context (like setuid binaries). The security context of the new
task is dependent on state such as if the task is being ptraced.
ptrace_detach() doesn't take the task_lock() when clearing task->ptrace. So
there is a race possible where a process starts off being ptraced, the
malicious ptracer detaches and if any checks agains task->ptrace are done more
than once, the results are indeterminate.
This patch ensures task_lock() is held while bprm_apply_creds() hooks are
called, keeping it safe against ptrace_attach() races. Additionally, tests
against task->ptrace (and ->fs->count, ->files->count and ->sighand->count all
of which signify potential unsafe resource sharing during a security context
transition) are done only once the results are passed down to hooks, making it
safe against ptrace_detach() races.
Additionally:
- s/must_must_not_trace_exec/unsafe_exec/
- move unsafe_exec() call above security_bprm_apply_creds() call rather than
in call for readability.
- fix dummy hook to honor the case where root is ptracing
- couple minor formatting/spelling fixes
Diffstat (limited to 'include/linux/loop.h')
0 files changed, 0 insertions, 0 deletions