This patch checks whether another user is trying to send a chrooted application run by a non-root user an fd to a directory, which will allow it to escape. By preventing this kind of fd transfer to chrooted applications by non-root users, certain security risks are mitigated.
Signed-off-by: Tal Tchwella <tchwe...@mit.edu> --- net/core/scm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/core/scm.c b/net/core/scm.c index ff52ad0..e505528 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -282,6 +282,15 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax; i++, cmfptr++) { + /* + * Restricts passing of fds via unix domain sockets to non-root + * chrooted applications to files and does not allow directories + * to be passed. + */ + if (current->user_chroot == CHROOT_USER_MODE) { + if (S_ISDIR(fp[i]->f_dentry->d_inode->i_mode)) + continue; + } int new_fd; err = security_file_receive(fp[i]); if (err) -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
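Review bot: The `continue` in the new block silently drops the directory fd without telling either side, and because the loop header still executes `i++, cmfptr++`, the skipped slot in the receiver's cmsg array is never written to while the counter `i` that the rest of scm_detach_fds uses still advances past it; the receiver is left with a gap it cannot distinguish from a real descriptor. Either fail the receive with an explicit error (so userspace sees that the transfer was refused) or make sure the skipped slot is not counted. Two smaller points: `current->user_chroot` and `CHROOT_USER_MODE` are not defined anywhere in this patch (the diffstat shows only net/core/scm.c, 9 insertions), so this cannot build on its own and should be posted with the series that introduces them; and the new `if` is placed before the existing `int new_fd;` declaration, which turns it into a declaration after a statement and will trip the kernel's -Wdeclaration-after-statement warning, so move the check below the declaration.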