On 2016-04-15 12:48, Linus Torvalds wrote:
On Fri, Apr 15, 2016 at 8:46 AM, Emrah Demir <e...@abdsec.com> wrote:
file_ns_capable bring some problems.
No it does not. file_ns_capable() is _required_ for security. We have
had several security issues with file IO doing "capable()", and it's
wrong and insecure.
Of course file_ns_capable() is required, I didn't know you made some
changes in include/linux/seq_file.h file
I used capable and now there is no problem as far as I tested.
You just screwed up the security, and with your change, a suid
application can be fooled into making the hidden data available to
non-secure users.
Sorry for screwing up the security. I would never wish to do that. As
you said a suid application could screw up things.
"capable()" is wrong. For file reading, you *have* to use
file_ns_capable(). It really is that simple. You should not test the
capabilities of the process, you should be testing the capabilities of
the file descriptor, which comes from the *open-time* capabilities.
It sounds like you applied just the patch to kernel/resource.c,
without applying the infrastructure patch.
You also need commit 34dbbcdbf633 ("Make file credentials available to
the seqfile interfaces").
Yeah, you are right. I didn't see that commit. It's okay now. Thank you!
-Emrah
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
