On 04/10/13 10:41, Kees Cook wrote: > On Wed, Aug 28, 2013 at 1:49 PM, Kees Cook <keesc...@chromium.org> wrote:
<snip> > > BTW, this just came to my attention: > http://marc.info/?l=linux-kernel&m=138049414321387&w=2 > > Same problem, just for /proc/kallsyms. This would benefit from the > open vs read cred check as well, I think. I was actually just about to put together a repost of this. Sorry I missed you off the original Cc list, get_maintainer didn't list you. I wanted to at least change the comment mentioning "badly written" setuid binaries. That isn't really true, as George Spelvin pointed out, even a setuid binary which opens the file with dropped priviledges, but reads it after re-elevating privileges will be susceptible to this. Setuid apps could be more precautious by doing the open + read into memory of user files with the privileges dropped, so that once privileges are re-elevated only the in-memory copy is used. I still think in-kernel fixing is a good idea too though, since it hardens against user-space setuid apps that don't do this. This was just the simplest approach to fixing the problem that I could think of. I'm open to suggestions for a better solution. ~Ryan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
