> On Dec 2, 2015, at 16:03, Kees Cook <keesc...@chromium.org> wrote: > > Normally, when a user can modify a file that has setuid or setgid bits, > those bits are cleared when they are not the file owner or a member > of the group. This is enforced when using write and truncate but not > when writing to a shared mmap on the file. This could allow the file > writer to gain privileges by changing a binary without losing the > setuid/setgid/caps bits. > > Changing the bits requires holding inode->i_mutex, so it cannot be done > during the page fault (due to mmap_sem being held during the fault). > Instead, clear the bits if PROT_WRITE is being used at mmap time. > > Signed-off-by: Kees Cook <keesc...@chromium.org> > Cc: sta...@vger.kernel.org > —
is this means mprotect() sys call also need add this check? mprotect() can change to PROT_WRITE, then it can write to a read only map again , also a secure hole here . Thanks -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
