[PATCH] proc: prevent changes to overridden credentials

Paul Moore paul at paul-moore.com
Mon Apr 29 13:57:01 UTC 2019


On Fri, Apr 19, 2019 at 4:27 PM James Morris <jmorris at namei.org> wrote:
> On Fri, 19 Apr 2019, Paul Moore wrote:
> > On Fri, Apr 19, 2019 at 2:55 PM Paul Moore <paul at paul-moore.com> wrote:
> > > Prevent userspace from changing the the /proc/PID/attr values if the
> > > task's credentials are currently overriden.  This not only makes sense
> > > conceptually, it also prevents some really bizarre error cases caused
> > > when trying to commit credentials to a task with overridden
> > > credentials.
> > >
> > > Cc: <stable at vger.kernel.org>
> > > Reported-by: "chengjian (D)" <cj.chengjian at huawei.com>
> > > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > > ---
> > >  fs/proc/base.c |    5 +++++
> > >  1 file changed, 5 insertions(+)
> >
> > I sent this to the LSM list as I figure it should probably go via
> > James' linux-security tree since it is cross-LSM and doesn't really
> > contain any LSM specific code.  That said, if you don't want this
> > James let me know and I'll send it via the SELinux tree assuming I can
> > get ACKs from John and Casey (this should only affect SELinux,
> > AppArmor, and Smack).
>
> This is fine to go via your tree.

Okay.  I just merged this into selinux/next.  I was sitting on this
patch to see how the other thread developed, but that doesn't really
seem to be reaching any conclusion and I really want this to get at
least one week in -next before the merge window opens.

Thanks everyone.

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list